diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 88dcac83a..57dbce109 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -10,7 +10,7 @@ charts/datadog-crds @DataDog/container-ecosys charts/datadog-operator @DataDog/container-ecosystems charts/extended-daemon-set @DataDog/container-ecosystems charts/datadog @DataDog/container-helm-chart-maintainers -charts/datadog/templates/_container-process-agent.yaml @DataDog/processes @DataDog/container-helm-chart-maintainers +charts/datadog/templates/_container-process-agent.yaml @DataDog/container-intake @DataDog/container-helm-chart-maintainers charts/datadog/templates/_container-system-probe.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers charts/datadog/templates/_container-trace-agent.yaml @DataDog/agent-apm @DataDog/container-helm-chart-maintainers charts/datadog/templates/_system-probe-init.yaml @DataDog/ebpf-platform @DataDog/container-helm-chart-maintainers diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bbce00ed9..f7e423043 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,18 +17,18 @@ jobs: charts: ${{ steps.list-changed.outputs.changed }} steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5.0 with: version: v3.6.3 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: - python-version: 3.7 + python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (list-changed) id: list-changed env: @@ -52,14 +52,14 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: - python-version: 3.7 + python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (lint) run: ct lint --config .github/ct.yaml @@ -69,7 +69,7 @@ jobs: - changed steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Run helm-docs @@ -100,7 +100,7 @@ jobs: - v1.31.1 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Add datadog helm repo @@ -145,20 +145,20 @@ jobs: kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Create kind ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: version: ${{ matrix.versions.kind }} node_image: kindest/node:${{ matrix.versions.k8s}} config: .github/kind_config.yaml - - uses: actions/setup-python@v4 + - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1 with: - python-version: 3.7 + python-version: 3.12 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.6.1 + uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 - name: Run chart-testing (install) run: ct install --config .github/ct.yaml diff --git a/.github/workflows/go-test-private-action-runner.yaml b/.github/workflows/go-test-private-action-runner.yaml index dc26fd575..06b1639af 100644 --- a/.github/workflows/go-test-private-action-runner.yaml +++ b/.github/workflows/go-test-private-action-runner.yaml @@ -22,18 +22,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up Go - uses: actions/setup-go@v1 + uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 with: go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v3.5 + uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5.0 with: version: v3.10.1 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory - uses: actions/checkout@v1 + uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0 - name: run Go tests run: | helm dependency build ./charts/private-action-runner diff --git a/.github/workflows/go-test.yaml b/.github/workflows/go-test.yaml index 739a20b1b..20192dd45 100644 --- a/.github/workflows/go-test.yaml +++ b/.github/workflows/go-test.yaml @@ -22,18 +22,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Set up Go - uses: actions/setup-go@v1 + uses: actions/setup-go@0caeaed6fd66a828038c2da3c0f662a42862658f # v1.1.3 with: go-version: 1.21 id: go - name: Set up Helm - uses: azure/setup-helm@v4.2.0 + uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0 with: version: v3.14.0 - name: Add Datadog Helm repo run: helm repo add datadog https://helm.datadoghq.com && helm repo update - name: Check out code into the Go module directory - uses: actions/checkout@v1 + uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e # v1.2.0 - name: run Go tests run: | helm dependency build ./charts/datadog-operator @@ -70,11 +70,11 @@ jobs: kind: v0.22.0 steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Create K8s ${{ matrix.versions.k8s }} cluster with kind version ${{ matrix.versions.kind }} - uses: helm/kind-action@v1.10.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 with: version: ${{ matrix.versions.kind }} node_image: kindest/node:${{ matrix.versions.k8s }} diff --git a/.github/workflows/pr-labeler.yaml b/.github/workflows/pr-labeler.yaml index ff711a73d..c8a50951a 100644 --- a/.github/workflows/pr-labeler.yaml +++ b/.github/workflows/pr-labeler.yaml @@ -17,7 +17,7 @@ jobs: pull-requests: write timeout-minutes: 5 steps: - - uses: actions/labeler@v5 + - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: repo-token: "${{ secrets.GITHUB_TOKEN }}" configuration-path: .github/workflows/labeler/labels.yaml diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e33b3d11f..e9ba1d964 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -17,7 +17,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0 with: fetch-depth: 0 - name: Configure Git @@ -29,7 +29,7 @@ jobs: helm repo add datadog https://helm.datadoghq.com helm repo add kube-state-metrics https://prometheus-community.github.io/helm-charts - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 + uses: helm/chart-releaser-action@be16258da8010256c6e82849661221415f031968 # v1.5.0 env: CR_TOKEN: '${{ secrets.GITHUB_TOKEN }}' CR_SKIP_EXISTING: true # Ignore chart changes when version was not updated (documentation) diff --git a/.gitignore b/.gitignore index 089390f06..504caf976 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ kubeconform vendor/ .vscode go.work* +.DS_Store diff --git a/charts/datadog-crds/CHANGELOG.md b/charts/datadog-crds/CHANGELOG.md index 39f9e8402..2fbdcae06 100644 --- a/charts/datadog-crds/CHANGELOG.md +++ b/charts/datadog-crds/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +# 2.4.0 + +* Update CRDs from Datadog Operator v1.12.0 tag. + +# 2.3.0 + +* Update CRDs from Datadog Operator v1.11.0 tag. + # 2.2.0 * Update CRDs from Datadog Operator v1.10.0 tag. diff --git a/charts/datadog-crds/Chart.yaml b/charts/datadog-crds/Chart.yaml index f4e6c9763..1e0c31b5d 100644 --- a/charts/datadog-crds/Chart.yaml +++ b/charts/datadog-crds/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: datadog-crds description: Datadog Kubernetes CRDs chart -version: 2.2.0 +version: 2.4.0 appVersion: "1" keywords: - monitoring diff --git a/charts/datadog-crds/README.md b/charts/datadog-crds/README.md index 851d16f49..06e25173f 100644 --- a/charts/datadog-crds/README.md +++ b/charts/datadog-crds/README.md @@ -1,6 +1,6 @@ # Datadog CRDs -![Version: 2.2.0](https://img.shields.io/badge/Version-2.2.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) +![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 1](https://img.shields.io/badge/AppVersion-1-informational?style=flat-square) This chart was designed to allow other "datadog" charts to share `CustomResourceDefinitions` such as the `DatadogMetric`. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml index 985391de5..465d9b42f 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagentprofiles_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagentprofiles.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -97,10 +97,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key must be defined @@ -153,10 +156,13 @@ spec: description: The key of the secret to select from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be defined @@ -184,11 +190,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -199,6 +203,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -250,6 +260,12 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + runtimeClassName: + description: |- + If specified, indicates the pod's RuntimeClass kubelet should use to run the pod. + If the named RuntimeClass does not exist, or the CRI cannot run the corresponding handler, the pod enters the Failed terminal phase. + If no runtimeClassName is specified, the default RuntimeHandler is used, which is equivalent to the behavior when the RuntimeClass feature is disabled. + type: string updateStrategy: description: |- The deployment strategy to use to replace existing pods with new ones. @@ -312,6 +328,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator @@ -328,24 +345,7 @@ spec: conditions: description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -386,12 +386,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml index 5359f9b03..8036de9ab 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogagents_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -71,6 +71,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -95,6 +96,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -133,6 +135,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -155,6 +158,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -202,11 +207,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -226,11 +233,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -252,12 +261,27 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -689,6 +713,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -778,6 +865,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: @@ -791,6 +883,8 @@ spec: type: object global: properties: + checksTagCardinality: + type: string clusterAgentToken: type: string clusterAgentTokenSecret: @@ -881,6 +975,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -919,6 +1014,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -978,6 +1074,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -1000,6 +1097,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1038,6 +1137,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1076,6 +1176,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1136,11 +1237,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1171,6 +1274,8 @@ spec: type: object registry: type: string + runProcessChecksInCoreAgent: + type: boolean secretBackend: properties: args: @@ -1189,6 +1294,9 @@ spec: type: string type: array x-kubernetes-list-type: set + required: + - namespace + - secrets type: object type: array x-kubernetes-list-type: atomic @@ -1227,11 +1335,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1243,11 +1353,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -1258,6 +1370,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1274,11 +1387,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1290,14 +1405,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -1323,17 +1441,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1347,11 +1477,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1362,6 +1494,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1375,6 +1508,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1391,17 +1525,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1415,11 +1561,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1430,12 +1578,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1457,17 +1607,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1481,11 +1643,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1496,6 +1660,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1509,6 +1674,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1525,17 +1691,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1549,11 +1727,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1564,12 +1744,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -1605,6 +1787,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1643,6 +1826,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1669,6 +1853,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1679,6 +1864,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1699,6 +1885,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1751,6 +1938,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1761,6 +1949,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1781,6 +1970,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1828,6 +2018,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1889,16 +2081,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1946,6 +2149,87 @@ spec: type: string type: object type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object volumeMounts: items: properties: @@ -1957,6 +2241,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -1972,6 +2258,8 @@ spec: x-kubernetes-list-type: map type: object type: object + createPodDisruptionBudget: + type: boolean createRbac: type: boolean customConfigurations: @@ -2012,6 +2300,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic options: items: properties: @@ -2021,10 +2310,12 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic searches: items: type: string type: array + x-kubernetes-list-type: atomic type: object dnsPolicy: type: string @@ -2042,6 +2333,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2080,6 +2372,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2101,6 +2394,7 @@ spec: configMapRef: properties: name: + default: "" type: string optional: type: boolean @@ -2111,6 +2405,7 @@ spec: secretRef: properties: name: + default: "" type: string optional: type: boolean @@ -2194,6 +2489,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2216,8 +2512,19 @@ spec: replicas: format: int32 type: integer + runtimeClassName: + type: string securityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -2256,6 +2563,9 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2268,6 +2578,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -2347,10 +2658,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2374,6 +2687,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -2383,6 +2697,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2400,6 +2715,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2428,7 +2744,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2443,6 +2761,7 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2498,6 +2817,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -2522,6 +2842,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2551,18 +2872,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2593,11 +2902,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2606,6 +2917,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -2628,10 +2941,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -2648,6 +2963,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2707,6 +3023,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -2720,6 +3043,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -2728,11 +3052,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2794,6 +3120,45 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -2811,7 +3176,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2857,6 +3224,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -2875,7 +3243,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2895,6 +3265,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -2921,22 +3292,27 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -2945,6 +3321,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -2955,12 +3332,14 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -2993,6 +3372,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -3007,6 +3387,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3240,6 +3621,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3264,6 +3646,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3302,6 +3685,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3324,6 +3708,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -3371,11 +3757,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3395,11 +3783,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3421,12 +3811,27 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -3858,6 +4263,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -3947,6 +4415,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml index aa593079c..4b5a7a504 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogdashboards_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogdashboards.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -159,24 +159,7 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogDashboard. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -217,12 +200,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml index 614eea1e6..bbefe7dfc 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmetrics_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmetrics.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml index dd9811dd8..8a734a69b 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogmonitors_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmonitors.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml index ecbfd2c37..355798a05 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogpodautoscalers_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogpodautoscalers.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -231,6 +231,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. @@ -297,6 +305,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. diff --git a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml index 0cb8c68bd..bbaa77066 100644 --- a/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml +++ b/charts/datadog-crds/templates/datadoghq.com_datadogslos_v1.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogslos.datadoghq.com labels: helm.sh/chart: '{{ include "datadog-crds.chart" . }}' @@ -143,24 +143,7 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogSLO. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -201,12 +184,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/charts/datadog-operator/CHANGELOG.md b/charts/datadog-operator/CHANGELOG.md index c0e157a71..a7ed55f0a 100644 --- a/charts/datadog-operator/CHANGELOG.md +++ b/charts/datadog-operator/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 2.5.1 + +* Expose CRD-specific namespace watch configuration added in Operator 1.8.0 release. + +## 2.5.0 + +* Update Datadog Operator version to 1.11.1. + ## 2.4.0 * Add configuration to grant the necessary RBAC to the operator for the CWS Instrumentation Admission Controller feature in the Cluster-Agent. diff --git a/charts/datadog-operator/Chart.lock b/charts/datadog-operator/Chart.lock index 41fd2ccbd..e5aa3049e 100644 --- a/charts/datadog-operator/Chart.lock +++ b/charts/datadog-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: datadog-crds repository: https://helm.datadoghq.com - version: 2.2.0 -digest: sha256:42b9b7296f565f17f11adea26fa8cb003c0f01551a84793873a3ae6c73efedc2 -generated: "2024-11-08T14:03:54.721912-05:00" + version: 2.3.0 +digest: sha256:67db7e15aa50bde3e2e62273b71402d2e4302c71f13201c3646ee5865e236106 +generated: "2024-12-18T14:19:32.327237+01:00" diff --git a/charts/datadog-operator/Chart.yaml b/charts/datadog-operator/Chart.yaml index 1c88e1898..83165c1ae 100644 --- a/charts/datadog-operator/Chart.yaml +++ b/charts/datadog-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: datadog-operator -version: 2.4.0 -appVersion: 1.10.0 +version: 2.5.2 +appVersion: 1.11.1 description: Datadog Operator keywords: - monitoring @@ -17,7 +17,7 @@ maintainers: email: support@datadoghq.com dependencies: - name: datadog-crds - version: "=2.2.0" + version: "=2.3.0" alias: datadogCRDs repository: https://helm.datadoghq.com condition: installCRDs diff --git a/charts/datadog-operator/README.md b/charts/datadog-operator/README.md index 91a76093e..c0ed7224d 100644 --- a/charts/datadog-operator/README.md +++ b/charts/datadog-operator/README.md @@ -1,6 +1,6 @@ # Datadog Operator -![Version: 2.4.0](https://img.shields.io/badge/Version-2.4.0-informational?style=flat-square) ![AppVersion: 1.10.0](https://img.shields.io/badge/AppVersion-1.10.0-informational?style=flat-square) +![Version: 2.5.2](https://img.shields.io/badge/Version-2.5.2-informational?style=flat-square) ![AppVersion: 1.11.1](https://img.shields.io/badge/AppVersion-1.11.1-informational?style=flat-square) ## Values @@ -33,7 +33,7 @@ | image.doNotCheckTag | bool | `false` | Permit skipping operator image tag compatibility with the chart. | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Operator image | | image.repository | string | `"gcr.io/datadoghq/operator"` | Repository to use for Datadog Operator image | -| image.tag | string | `"1.10.0"` | Define the Datadog Operator version to use | +| image.tag | string | `"1.11.1"` | Define the Datadog Operator version to use | | imagePullSecrets | list | `[]` | Datadog Operator repository pullSecret (ex: specify docker registry credentials) | | installCRDs | bool | `true` | Set to true to deploy the Datadog's CRDs | | introspection.enabled | bool | `false` | If true, enables introspection feature (beta). Requires v1.4.0+ | @@ -60,7 +60,11 @@ | tolerations | list | `[]` | Allows to schedule Datadog Operator on tainted nodes | | volumeMounts | list | `[]` | Specify additional volumes to mount in the container | | volumes | list | `[]` | Specify additional volumes to mount in the container | -| watchNamespaces | list | `[]` | Restricts the Operator to watch its managed resources on specific namespaces | +| watchNamespaces | list | `[]` | Restricts the Operator to watch its managed resources on specific namespaces unless CRD-specific watchNamespaces properties are set | +| watchNamespacesAgent | list | `[]` | Restricts the Operator to watch DatadogAgent resources on specific namespaces. Requires v1.8.0+ | +| watchNamespacesAgentProfile | list | `[]` | Restricts the Operator to watch DatadogAgentProfile resources on specific namespaces. Requires v1.8.0+ | +| watchNamespacesMonitor | list | `[]` | Restricts the Operator to watch DatadogMonitor resources on specific namespaces. Requires v1.8.0+ | +| watchNamespacesSLO | list | `[]` | Restricts the Operator to watch DatadogSLO resources on specific namespaces. Requires v1.8.0+ | ## How to configure which namespaces are watched by the Operator. diff --git a/charts/datadog-operator/templates/_helpers.tpl b/charts/datadog-operator/templates/_helpers.tpl index afc48dc57..50dc92353 100644 --- a/charts/datadog-operator/templates/_helpers.tpl +++ b/charts/datadog-operator/templates/_helpers.tpl @@ -85,6 +85,6 @@ Check operator image tag version. {{- if not .Values.image.doNotCheckTag -}} {{- .Values.image.tag -}} {{- else -}} -{{ "1.10.0" }} +{{ "1.11.1" }} {{- end -}} {{- end -}} diff --git a/charts/datadog-operator/templates/clusterrole.yaml b/charts/datadog-operator/templates/clusterrole.yaml index 1b7f4b2c4..1ac37f56e 100644 --- a/charts/datadog-operator/templates/clusterrole.yaml +++ b/charts/datadog-operator/templates/clusterrole.yaml @@ -8,9 +8,6 @@ metadata: rules: - nonResourceURLs: - /metrics - verbs: - - get -- nonResourceURLs: - /metrics/slis verbs: - get @@ -18,26 +15,8 @@ rules: - "" resources: - componentstatuses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - deployments + - namespaces verbs: - get - list @@ -45,19 +24,13 @@ rules: - apiGroups: - "" resources: + - configmaps - endpoints - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - events + - pods + - secrets + - serviceaccounts + - services verbs: - create - delete @@ -70,17 +43,13 @@ rules: - "" resources: - limitranges + - persistentvolumeclaims + - persistentvolumes + - replicationcontrollers + - resourcequotas verbs: - list - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - apiGroups: - "" resources: @@ -93,102 +62,11 @@ rules: - "" resources: - nodes/metrics - verbs: - - get -- apiGroups: - - "" - resources: - nodes/proxy - verbs: - - get -- apiGroups: - - "" - resources: - nodes/spec - verbs: - - get -- apiGroups: - - "" - resources: - nodes/stats verbs: - get -- apiGroups: - - "" - resources: - - persistentvolumeclaims - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - persistentvolumes - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - pods - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - replicationcontrollers - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - resourcequotas - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - '*' resources: @@ -205,6 +83,7 @@ rules: - '*' - apiGroups: - apiextensions.k8s.io + - extensions resources: - customresourcedefinitions verbs: @@ -222,17 +101,6 @@ rules: - apps resources: - daemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - apps - resources: - deployments verbs: - create @@ -246,6 +114,7 @@ rules: - apps resources: - replicasets + - statefulsets verbs: - get - list @@ -257,14 +126,6 @@ rules: verbs: - list - watch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list - - watch - apiGroups: - apps - extensions @@ -285,48 +146,18 @@ rules: - apiGroups: - authorization.k8s.io resources: - - clusterrolebindings + - subjectaccessreviews verbs: - create - - delete - get - - list - - patch - - update - - watch - apiGroups: - authorization.k8s.io + - rbac.authorization.k8s.io + - roles.rbac.authorization.k8s.io resources: + - clusterrolebindings - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - authorization.k8s.io - resources: - - pods/exec - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - authorization.k8s.io - resources: - roles verbs: - create @@ -336,13 +167,6 @@ rules: - patch - update - watch -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - apiGroups: - autoscaling resources: @@ -361,13 +185,6 @@ rules: - batch resources: - cronjobs - verbs: - - get - - list - - watch -- apiGroups: - - batch - resources: - jobs verbs: - get @@ -408,18 +225,12 @@ rules: - datadoghq.com resources: - datadogagents - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - datadogagents/finalizers + - datadogmonitors + - datadogmonitors/finalizers + - datadogslos + - datadogslos/finalizers + - extendeddaemonsets verbs: - create - delete @@ -432,19 +243,12 @@ rules: - datadoghq.com resources: - datadogagents/status + - datadogmonitors/status + - datadogslos/status verbs: - get - patch - update -- apiGroups: - - datadoghq.com - resources: - - datadogmetrics - verbs: - - create - - delete - - list - - watch - apiGroups: - datadoghq.com resources: @@ -454,97 +258,25 @@ rules: - apiGroups: - datadoghq.com resources: - - datadogmonitors + - datadogmetrics verbs: - create - delete - - get - list - - patch - - update - watch -- apiGroups: - - datadoghq.com - resources: - - datadogmonitors/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - - datadogmonitors/status - verbs: - - get - - patch - - update - apiGroups: - datadoghq.com resources: - datadogpodautoscalers - verbs: - - '*' -- apiGroups: - - datadoghq.com - resources: - datadogpodautoscalers/status verbs: - '*' -- apiGroups: - - datadoghq.com - resources: - - datadogslos - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - - datadogslos/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - datadoghq.com - resources: - - datadogslos/status - verbs: - - get - - patch - - update - apiGroups: - datadoghq.com resources: - extendeddaemonsetreplicasets verbs: - get -- apiGroups: - - datadoghq.com - resources: - - extendeddaemonsets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - datadoghq.com resources: @@ -553,13 +285,6 @@ rules: - get - list - watch -- apiGroups: - - extensions - resources: - - customresourcedefinitions - verbs: - - list - - watch - apiGroups: - external.metrics.k8s.io resources: @@ -599,14 +324,6 @@ rules: - patch - update - watch -- apiGroups: - - policy - resources: - - podsecuritypolicies - verbs: - - get - - list - - watch - apiGroups: - quota.openshift.io resources: @@ -614,102 +331,6 @@ rules: verbs: - get - list -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - roles.rbac.authorization.k8s.io - resources: - - clusterrolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - roles.rbac.authorization.k8s.io - resources: - - clusterroles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - roles.rbac.authorization.k8s.io - resources: - - rolebindings - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - roles.rbac.authorization.k8s.io - resources: - - roles - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - security.openshift.io resourceNames: @@ -726,6 +347,13 @@ rules: verbs: - list - watch +- apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics + - "metrics.eks.amazonaws.com" + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get {{- if .Values.datadogAgentProfile.enabled }} - apiGroups: - "" diff --git a/charts/datadog-operator/templates/deployment.yaml b/charts/datadog-operator/templates/deployment.yaml index 1bb1b1322..6532eb07c 100644 --- a/charts/datadog-operator/templates/deployment.yaml +++ b/charts/datadog-operator/templates/deployment.yaml @@ -62,6 +62,22 @@ spec: fieldRef: fieldPath: metadata.namespace {{- end }} + {{- if .Values.watchNamespacesAgent }} + - name: DD_AGENT_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesAgent | join "," }} + {{- end }} + {{- if .Values.watchNamespacesMonitor }} + - name: DD_MONITOR_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesMonitor | join "," }} + {{- end }} + {{- if .Values.watchNamespacesSLO }} + - name: DD_SLO_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesSLO | join "," }} + {{- end }} + {{- if .Values.watchNamespacesAgentProfile }} + - name: DD_AGENT_PROFILE_WATCH_NAMESPACE + value: {{ .Values.watchNamespacesAgentProfile | join "," }} + {{- end }} - name: POD_NAME valueFrom: fieldRef: diff --git a/charts/datadog-operator/values.yaml b/charts/datadog-operator/values.yaml index 31f8ecd9c..d2c1be14e 100644 --- a/charts/datadog-operator/values.yaml +++ b/charts/datadog-operator/values.yaml @@ -47,7 +47,7 @@ image: # image.repository -- Repository to use for Datadog Operator image repository: gcr.io/datadoghq/operator # image.tag -- Define the Datadog Operator version to use - tag: 1.10.0 + tag: 1.11.1 # image.pullPolicy -- Define the pullPolicy for Datadog Operator image pullPolicy: IfNotPresent # image.doNotCheckTag -- Permit skipping operator image tag compatibility with the chart. @@ -157,6 +157,7 @@ podLabels: {} collectOperatorMetrics: true # watchNamespaces -- Restricts the Operator to watch its managed resources on specific namespaces +# unless CRD-specific watchNamespaces properties are set watchNamespaces: [] # example: watch only two namespaces: # watchNamespaces: @@ -167,6 +168,54 @@ watchNamespaces: [] # watchNamespaces: # - "" +# watchNamespacesAgent -- Restricts the Operator to watch DatadogAgent resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesAgent: [] +# example: watch only two namespaces: +# watchNamespacesAgent: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesAgent: +# - "" + +# watchNamespacesMonitor -- Restricts the Operator to watch DatadogMonitor resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesMonitor: [] +# example: watch only two namespaces: +# watchNamespacesMonitor: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesMonitor: +# - "" + +# watchNamespacesSLO -- Restricts the Operator to watch DatadogSLO resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesSLO: [] +# example: watch only two namespaces: +# watchNamespacesSLO: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesSLO: +# - "" + +# watchNamespacesAgentProfile -- Restricts the Operator to watch DatadogAgentProfile resources on specific namespaces. +# Requires v1.8.0+ +watchNamespacesAgentProfile: [] +# example: watch only two namespaces: +# watchNamespacesAgentProfile: +# - "default" +# - "datadog" +# +# to watch all namespaces +# watchNamespacesAgentProfile: +# - "" + # containerSecurityContext -- A security context defines privileges and access control settings for a container. containerSecurityContext: {} diff --git a/charts/datadog/CHANGELOG.md b/charts/datadog/CHANGELOG.md index 120978950..e7867fb2a 100644 --- a/charts/datadog/CHANGELOG.md +++ b/charts/datadog/CHANGELOG.md @@ -1,9 +1,86 @@ # Datadog changelog -## 3.84.0 +## 3.91.0 * Add `agents.coreAgent.enabled` and `datadog.apm.errorTrackingStandalone.enabled` settings to enable Error Tracking backend standalone. +## 3.90.2 + +* Adds env vars `DD_AGENT_IPC_PORT` and `DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL` when Otel Agent is enabled and adds flag `--sync-delay=30s` to otel agent. + +## 3.90.1 + +* Add rule to clusterrole to allow the node agent to query the EKS control plane metrics API + +## 3.90.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.62.0`. + +## 3.89.0 + +* Add `clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus` to disable `use_component_status` option for kubernetes_apiserver check. + +## 3.88.3 + +* Mount /var/lib/containers to generate SBOMs for CRI-O. + +## 3.88.2 + +* Disable running process check in core Agent by default feature for GKE Autopilot, as it is not supported. + +## 3.88.1 + +* Disable SBOM monitoring features for GKE Autopilot, as they are not supported + +## 3.88.0 + +* Set default `Agent` and `Cluster-Agent` version to `7.61.0`. + +## 3.87.2 + +* Add cgroups mount in system-probe for USM, NPM and Service Discovery matching the datadog-operator. + +## 3.87.1 + +* Add the ability to set the image tag to use for the APM Injector. + +## 3.87.0 + +* Launch `otel-agent` with the `--core-config` switch pointing to the main agent configuration. Note that this affects the OTel Agent beta images, early beta image releases with version tag `<7.59.0-v.1.2.0` will experience issues and should remain on older helm chart versions for their deployments. For regular users not deploying the `otel-agent` beta images, this should be a NOOP. + +## 3.86.0 + +* Add `delete` permission for `datadog-webhook` Admission Registration RBACs. + +## 3.85.0 + +* Add `datadog.discovery.enabled` configuration to control service-discovery. + +## 3.84.4 + +* Propagate the `datadog.site` option to the default `datadog.otelCollector` configuration. + +## 3.84.3 + +* Added the configuration value `clusterAgent.admissionController.kubernetes_admission_events.enabled` to enabled/disable the Kubernetes Admission Events feature. + +## 3.84.2 + +* Add `endpointslices.discovery.k8s.io` to the list of resources to collect in the Cluster Agent RBAC. +* Add configuration option for `datadog.kubernetesUseEndpointSlices` to map Kubernetes services to endpoint slices instead of endpoints. Disabled by default. + +## 3.84.1 + +* Remove deployments.apps example of `datadog.kubernetesResourcesLabelsAsTags` and `datadog.kubernetesResourcesAnnotationsAsTags` since it's not implemented yet + +## 3.84.0 + +* Set the default value of `datadog.processAgent.runInCoreAgent` to `true`. + +## 3.83.1 + +* Add /sys/fs/bpf to system-probe volume mounts + ## 3.83.0 * Added the configuration value `datadog.disablePasswdMount` to disable mounting the `/etc/passwd` path from the host filesystem. This option should be used when the underlying OS does not have these files (e.g., Talos OS). diff --git a/charts/datadog/Chart.yaml b/charts/datadog/Chart.yaml index 3130a881a..48bd90e86 100644 --- a/charts/datadog/Chart.yaml +++ b/charts/datadog/Chart.yaml @@ -1,7 +1,7 @@ --- apiVersion: v1 name: datadog -version: 3.84.0 +version: 3.91.0 appVersion: "7" description: Datadog Agent keywords: diff --git a/charts/datadog/README.md b/charts/datadog/README.md index 32edb0126..bf42cb2c4 100644 --- a/charts/datadog/README.md +++ b/charts/datadog/README.md @@ -1,6 +1,6 @@ # Datadog -![Version: 3.84.0](https://img.shields.io/badge/Version-3.84.0-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.91.0](https://img.shields.io/badge/Version-3.90.2-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -526,7 +526,7 @@ helm install \ | agents.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | agents.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | agents.image.repository | string | `nil` | Override default registry + image.name for Agent | -| agents.image.tag | string | `"7.59.0"` | Define the Agent version to use | +| agents.image.tag | string | `"7.62.0"` | Define the Agent version to use | | agents.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | agents.localService.forceLocalServiceEnabled | bool | `false` | Force the creation of the internal traffic policy service to target the agent running on the local node. By default, the internal traffic service is created only on Kubernetes 1.22+ where the feature became beta and enabled by default. This option allows to force the creation of the internal traffic service on kubernetes 1.21 where the feature was alpha and required a feature gate to be explicitly enabled. | | agents.localService.overrideName | string | `""` | Name of the internal traffic service to target the agent running on the local node | @@ -576,6 +576,7 @@ helm install \ | clusterAgent.admissionController.cwsInstrumentation.mode | string | `"remote_copy"` | Mode defines how the CWS Instrumentation should behave. Options are "remote_copy" or "init_container" | | clusterAgent.admissionController.enabled | bool | `true` | Enable the admissionController to be able to inject APM/Dogstatsd config and standard tags (env, service, version) automatically into your pods | | clusterAgent.admissionController.failurePolicy | string | `"Ignore"` | Set the failure policy for dynamic admission control.' | +| clusterAgent.admissionController.kubernetesAdmissionEvents.enabled | bool | `false` | Enable the Kubernetes Admission Events feature. | | clusterAgent.admissionController.mutateUnlabelled | bool | `false` | Enable injecting config without having the pod label 'admission.datadoghq.com/enabled="true"' | | clusterAgent.admissionController.mutation | object | `{"enabled":true}` | Mutation Webhook configuration options | | clusterAgent.admissionController.mutation.enabled | bool | `true` | Enabled enables the Admission Controller mutation webhook. Default: true. (Requires Agent 7.59.0+). | @@ -607,7 +608,8 @@ helm install \ | clusterAgent.image.pullPolicy | string | `"IfNotPresent"` | Cluster Agent image pullPolicy | | clusterAgent.image.pullSecrets | list | `[]` | Cluster Agent repository pullSecret (ex: specify docker registry credentials) | | clusterAgent.image.repository | string | `nil` | Override default registry + image.name for Cluster Agent | -| clusterAgent.image.tag | string | `"7.59.0"` | Cluster Agent image tag to use | +| clusterAgent.image.tag | string | `"7.62.0"` | Cluster Agent image tag to use | +| clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus | bool | `false` | Set this to true to disable use_component_status for the kube_apiserver integration. | | clusterAgent.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default Cluster Agent liveness probe settings | | clusterAgent.metricsProvider.aggregator | string | `"avg"` | Define the aggregator the cluster agent will use to process the metrics. The options are (avg, min, max, sum) | | clusterAgent.metricsProvider.createReaderRbac | bool | `true` | Create `external-metrics-reader` RBAC automatically (to allow HPA to read data from Cluster Agent) | @@ -661,7 +663,7 @@ helm install \ | clusterChecksRunner.image.pullPolicy | string | `"IfNotPresent"` | Datadog Agent image pull policy | | clusterChecksRunner.image.pullSecrets | list | `[]` | Datadog Agent repository pullSecret (ex: specify docker registry credentials) | | clusterChecksRunner.image.repository | string | `nil` | Override default registry + image.name for Cluster Check Runners | -| clusterChecksRunner.image.tag | string | `"7.59.0"` | Define the Agent version to use | +| clusterChecksRunner.image.tag | string | `"7.62.0"` | Define the Agent version to use | | clusterChecksRunner.image.tagSuffix | string | `""` | Suffix to append to Agent tag | | clusterChecksRunner.livenessProbe | object | Every 15s / 6 KO / 1 OK | Override default agent liveness probe settings | | clusterChecksRunner.networkPolicy.create | bool | `false` | If true, create a NetworkPolicy for the cluster checks runners. DEPRECATED. Use datadog.networkPolicy.create instead | @@ -696,6 +698,7 @@ helm install \ | datadog.apm.instrumentation.disabledNamespaces | list | `[]` | Disable injecting the Datadog APM libraries into pods in specific namespaces (beta). | | datadog.apm.instrumentation.enabled | bool | `false` | Enable injecting the Datadog APM libraries into all pods in the cluster (beta). | | datadog.apm.instrumentation.enabledNamespaces | list | `[]` | Enable injecting the Datadog APM libraries into pods in specific namespaces (beta). | +| datadog.apm.instrumentation.injector.imageTag | string | `""` | The image tag to use for the APM Injector (preview). | | datadog.apm.instrumentation.language_detection.enabled | bool | `true` | Run language detection to automatically detect languages of user workloads (beta). | | datadog.apm.instrumentation.libVersions | object | `{}` | Inject specific version of tracing libraries with Single Step Instrumentation (beta). | | datadog.apm.instrumentation.skipKPITelemetry | bool | `false` | Disable generating Configmap for APM Instrumentation KPIs | @@ -731,6 +734,7 @@ helm install \ | datadog.dd_url | string | `nil` | The host of the Datadog intake server to send Agent data to, only set this option if you need the Agent to send data to a custom URL | | datadog.disableDefaultOsReleasePaths | bool | `false` | Set this to true to disable mounting datadog.osReleasePath in all containers | | datadog.disablePasswdMount | bool | `false` | Set this to true to disable mounting /etc/passwd in all containers | +| datadog.discovery.enabled | bool | `nil` | Enable Service Discovery | | datadog.dockerSocketPath | string | `nil` | Path to the docker socket | | datadog.dogstatsd.hostSocketPath | string | `"/var/run/datadog/"` | Host path to the DogStatsD socket | | datadog.dogstatsd.nonLocalTraffic | bool | `true` | Enable this to make each node accept non-local statsd traffic (from outside of the pod) | @@ -777,6 +781,7 @@ helm install \ | datadog.kubernetesEvents.unbundleEvents | bool | `false` | Allow unbundling kubernetes events, 1:1 mapping between Kubernetes and Datadog events. (Requires Cluster Agent 7.42.0+). | | datadog.kubernetesResourcesAnnotationsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Annotations to Datadog Tags | | datadog.kubernetesResourcesLabelsAsTags | object | `{}` | Provide a mapping of Kubernetes Resources Labels to Datadog Tags | +| datadog.kubernetesUseEndpointSlices | bool | `false` | Enable this to map Kubernetes services to endpointslices instead of endpoints. (Requires Cluster Agent 7.62.0+). | | datadog.leaderElection | bool | `true` | Enables leader election mechanism for event collection | | datadog.leaderElectionResource | string | `"configmap"` | Selects the default resource to use for leader election. Can be: * "lease" / "leases". Only supported in agent 7.47+ * "configmap" / "configmaps". "" to automatically detect which one to use. | | datadog.leaderLeaseDuration | string | `nil` | Set the lease time for leader election in second | @@ -813,7 +818,7 @@ helm install \ | datadog.processAgent.enabled | bool | `true` | Set this to true to enable live process monitoring agent DEPRECATED. Set `datadog.processAgent.processCollection` or `datadog.processAgent.containerCollection` instead. # Note: /etc/passwd is automatically mounted when `processCollection`, `processDiscovery`, or `containerCollection` is enabled. # ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset | | datadog.processAgent.processCollection | bool | `false` | Set this to true to enable process collection | | datadog.processAgent.processDiscovery | bool | `true` | Enables or disables autodiscovery of integrations | -| datadog.processAgent.runInCoreAgent | bool | `false` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.57.0+ and Linux. | +| datadog.processAgent.runInCoreAgent | bool | `true` | Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. # This requires Agent 7.60.0+ and Linux. | | datadog.processAgent.stripProcessArguments | bool | `false` | Set this to scrub all arguments from collected processes # Requires datadog.processAgent.processCollection to be set to true to have any effect # ref: https://docs.datadoghq.com/infrastructure/process/?tab=linuxwindows#process-arguments-scrubbing | | datadog.profiling.enabled | string | `nil` | Enable Continuous Profiler by injecting `DD_PROFILING_ENABLED` environment variable with the same value to all pods in the cluster Valid values are: - false: Profiler is turned off and can not be turned on by other means. - null: Profiler is turned off, but can be turned on by other means. - auto: Profiler is turned off, but the library will turn it on if the application is a good candidate for profiling. - true: Profiler is turned on. | | datadog.prometheusScrape.additionalConfigs | list | `[]` | Allows adding advanced openmetrics check configurations with custom discovery rules. (Requires Agent version 7.27+) | diff --git a/charts/datadog/templates/NOTES.txt b/charts/datadog/templates/NOTES.txt index 1978f03df..692d62f9b 100644 --- a/charts/datadog/templates/NOTES.txt +++ b/charts/datadog/templates/NOTES.txt @@ -352,7 +352,7 @@ On GKE Autopilot, only one "datadog" Helm chart release is allowed by Kubernetes ##################################################################### #### WARNING: System Probe is not supported on GKE Autopilot #### ##################################################################### -{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill' and 'datadog.serviceMonitoring.enabled' must be set 'false'" }} +{{- fail "On GKE Autopilot environments, System Probe is not supported. The option 'datadog.securityAgent.runtime.enabled', 'datadog.securityAgent.runtime.fimEnabled', 'datadog.networkMonitoring.enabled', 'datadog.systemProbe.enableTCPQueueLength', 'datadog.systemProbe.enableOOMKill', 'datadog.serviceMonitoring.enabled' and 'datadog.discovery.enabled' must be set 'false'" }} {{- end }} @@ -424,6 +424,20 @@ The option is overriden to avoid mounting volumes that are not allowed which wou {{- end }} +{{- if or .Values.providers.gke.autopilot .Values.providers.gke.gdc }} + +{{- if or .Values.datadog.sbom.containerImage.enabled .Values.datadog.sbom.host.enabled }} + +####################################################################################### +#### WARNING: SBOM Monitoring is not supported on GKE Autopilot #### +####################################################################################### + +On GKE Autopilot environments, SBOM Monitoring is not supported. The options 'datadog.sbom.containerImage.enabled' and 'datadog.sbom.host.enabled' must be set to 'false'. + +{{- end }} + +{{- end }} + {{- if and (.Values.datadog.dogstatsd.useSocketVolume) (eq .Values.targetSystem "windows") }} ################################################################################### @@ -534,7 +548,7 @@ More information about this change: https://github.com/DataDog/helm-charts/pull/ {{- end }} -{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") .Values.datadog.sbom.host.enabled }} +{{- if and (eq .Values.targetSystem "linux") (eq .Values.datadog.osReleasePath "") (eq (include "should-add-host-path-for-os-release-paths" .) "false") (eq (include "should-enable-sbom-host-fs-collection" .) "true") }} ################################################################# #### ERROR: Configuration notice #### ################################################################# diff --git a/charts/datadog/templates/_container-agent.yaml b/charts/datadog/templates/_container-agent.yaml index 8afcfc743..92b4c4ee1 100644 --- a/charts/datadog/templates/_container-agent.yaml +++ b/charts/datadog/templates/_container-agent.yaml @@ -59,6 +59,12 @@ {{- include "containers-common-env" . | nindent 4 }} {{- include "fips-envvar" . | nindent 4 }} {{- include "processes-common-envs" . | nindent 4 }} + {{- if eq (include "should-enable-otel-agent" .) "true" }} + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" + {{- end }} {{- if .Values.datadog.logLevel }} - name: DD_LOG_LEVEL @@ -174,7 +180,7 @@ - name: DD_CONTAINER_IMAGE_ENABLED value: "true" {{- end }} - {{- if or .Values.datadog.sbom.host.enabled (eq (include "should-enable-sbom-container-image-collection" .) "true") }} + {{- if or (eq (include "should-enable-sbom-host-fs-collection" .) "true") (eq (include "should-enable-sbom-container-image-collection" .) "true") }} - name: DD_SBOM_ENABLED value: "true" {{- if eq (include "should-enable-sbom-container-image-collection" .) "true" }} @@ -192,7 +198,7 @@ {{- end }} {{- end }} {{- end }} - {{- if .Values.datadog.sbom.host.enabled }} + {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: DD_SBOM_HOST_ENABLED value: "true" - name: HOST_ROOT @@ -295,8 +301,11 @@ - name: host-docker-dir mountPath: /host/var/lib/docker readOnly: true + - name: host-crio-dir + mountPath: /host/var/lib/containers + readOnly: true {{- end }} - {{- if .Values.datadog.sbom.host.enabled }} + {{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - name: host-apk-dir mountPath: /host/var/lib/apk readOnly: true diff --git a/charts/datadog/templates/_container-otel-agent.yaml b/charts/datadog/templates/_container-otel-agent.yaml index 16e56bbe2..67793f402 100644 --- a/charts/datadog/templates/_container-otel-agent.yaml +++ b/charts/datadog/templates/_container-otel-agent.yaml @@ -3,10 +3,10 @@ image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" imagePullPolicy: {{ .Values.agents.image.pullPolicy }} {{- if eq .Values.targetSystem "linux" }} - command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml"] + command: ["otel-agent", "--config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml", "--sync-delay=30s"] {{- end -}} {{- if eq .Values.targetSystem "windows" }} - command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/datadog.yaml"] + command: ["otel-agent", "-foreground", "-config={{ template "datadog.otelconfPath" . }}/otel-config.yaml", "--core-config={{ template "datadog.confPath" . }}/datadog.yaml", "--sync-delay=30s"] {{- end -}} {{ include "generate-security-context" (dict "securityContext" .Values.agents.containers.otelAgent.securityContext "targetSystem" .Values.targetSystem "seccomp" "" "kubeversion" .Capabilities.KubeVersion.Version) | indent 2 }} resources: @@ -32,6 +32,10 @@ env: {{- include "containers-common-env" . | nindent 4 }} {{- include "containers-cluster-agent-env" . | nindent 4 }} + - name: DD_AGENT_IPC_PORT + value: "5009" + - name: DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL + value: "60" {{- include "fips-envvar" . | nindent 4 }} - name: DD_LOG_LEVEL value: {{ .Values.agents.containers.otelAgent.logLevel | default .Values.datadog.logLevel | quote }} diff --git a/charts/datadog/templates/_container-system-probe.yaml b/charts/datadog/templates/_container-system-probe.yaml index cf77ed4db..6e3127392 100644 --- a/charts/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/templates/_container-system-probe.yaml @@ -43,6 +43,12 @@ mountPath: /sys/kernel/debug mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: false # Need RW for kprobe_events +{{- if .Values.datadog.networkMonitoring.enabled }} + - name: bpffs + mountPath: /sys/fs/bpf + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true +{{- end }} - name: config mountPath: {{ template "datadog.confPath" . }} readOnly: true @@ -64,6 +70,12 @@ mountPath: /host/proc mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true +{{- if or .Values.datadog.serviceMonitoring.enabled .Values.datadog.networkMonitoring.enabled .Values.datadog.discovery.enabled }} + - name: cgroups + mountPath: /host/sys/fs/cgroup + mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} + readOnly: true +{{- end }} {{- include "linux-container-host-release-volumemounts" . | nindent 4 }} {{- if (eq (include "should-add-host-path-for-os-release-paths" .) "true") }} {{- if ne .Values.datadog.osReleasePath "/etc/redhat-release" }} diff --git a/charts/datadog/templates/_daemonset-volumes-linux.yaml b/charts/datadog/templates/_daemonset-volumes-linux.yaml index 6b6cb50f0..136e2c6af 100644 --- a/charts/datadog/templates/_daemonset-volumes-linux.yaml +++ b/charts/datadog/templates/_daemonset-volumes-linux.yaml @@ -22,7 +22,7 @@ path: {{ .Values.datadog.systemProbe.osReleasePath | default .Values.datadog.osReleasePath }} name: os-release-file {{- end }} -{{- if and (eq (include "should-add-host-path-for-os-release-paths" .) "true") (or (eq (include "should-enable-system-probe" .) "true") .Values.datadog.sbom.host.enabled) }} +{{- if and (eq (include "should-add-host-path-for-os-release-paths" .) "true") (or (eq (include "should-enable-system-probe" .) "true") (eq (include "should-enable-sbom-host-fs-collection" .) "true")) }} - hostPath: path: /etc/redhat-release name: etc-redhat-release @@ -81,6 +81,11 @@ - hostPath: path: /sys/kernel/debug name: debugfs +{{- if .Values.datadog.networkMonitoring.enabled }} +- hostPath: + path: /sys/fs/bpf + name: bpffs +{{- end }} - name: sysprobe-socket-dir emptyDir: {} {{- if and (eq (include "runtime-compilation-enabled" .) "true") .Values.datadog.systemProbe.enableDefaultKernelHeadersPaths }} @@ -155,8 +160,11 @@ - hostPath: path: /var/lib/docker name: host-docker-dir +- hostPath: + path: /var/lib/containers + name: host-crio-dir {{- end }} -{{- if .Values.datadog.sbom.host.enabled }} +{{- if eq (include "should-enable-sbom-host-fs-collection" .) "true" }} - hostPath: path: /var/lib/apk name: host-apk-dir diff --git a/charts/datadog/templates/_helpers.tpl b/charts/datadog/templates/_helpers.tpl index f069eed1f..2d0074988 100644 --- a/charts/datadog/templates/_helpers.tpl +++ b/charts/datadog/templates/_helpers.tpl @@ -10,7 +10,7 @@ {{- $version = "6.55.1" -}} {{- end -}} {{- if and (eq $length 1) (or (eq $version "7") (eq $version "latest")) -}} -{{- $version = "7.58.1" -}} +{{- $version = "7.59.0" -}} {{- end -}} {{- $version -}} {{- end -}} @@ -117,8 +117,6 @@ false {{- end -}} {{- end -}} - - {{/* Return secret name to be used based on provided values. */}} @@ -331,7 +329,7 @@ Return a remote image path based on `.Values` (passed as root) and `.` (any `.im Return true if a system-probe feature is enabled. */}} {{- define "system-probe-feature" -}} -{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled -}} +{{- if or .Values.datadog.securityAgent.runtime.enabled .Values.datadog.securityAgent.runtime.fimEnabled .Values.datadog.networkMonitoring.enabled .Values.datadog.systemProbe.enableTCPQueueLength .Values.datadog.systemProbe.enableOOMKill .Values.datadog.serviceMonitoring.enabled .Values.datadog.discovery.enabled -}} true {{- else -}} false @@ -699,7 +697,18 @@ Return Kubelet volumeMount Return true if the Cluster Agent needs a confd configmap */}} {{- define "need-cluster-agent-confd" -}} -{{- if (or (.Values.clusterAgent.confd) (.Values.datadog.kubeStateMetricsCore.enabled) (.Values.clusterAgent.advancedConfd) (.Values.datadog.helmCheck.enabled)) -}} +{{- if (or (.Values.clusterAgent.confd) (.Values.datadog.kubeStateMetricsCore.enabled) (.Values.clusterAgent.advancedConfd) (.Values.datadog.helmCheck.enabled) (.Values.datadog.collectEvents) (.Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus)) -}} +true +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{/* +Return true if kubernetes_apiserver check should be configured +*/}} +{{- define "need-kubernetes-apiserver-check-config" -}} +{{- if or (.Values.datadog.collectEvents) (.Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus) -}} true {{- else -}} false @@ -954,7 +963,7 @@ Create RBACs for custom resources Return true if SBOM collection for container image is enabled */}} {{- define "should-enable-sbom-container-image-collection" -}} - {{- if .Values.datadog.sbom.containerImage.enabled -}} + {{- if and (.Values.datadog.sbom.containerImage.enabled) (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) -}} {{- if not (eq (include "should-enable-container-image-collection" .) "true") -}} {{- fail "Container runtime support has to be enabled for SBOM collection to work. Please enable it using `datadog.containerRuntimeSupport.enabled`." -}} {{- end -}} @@ -964,6 +973,17 @@ Create RBACs for custom resources {{- end -}} {{- end -}} +{{/* + Return true if SBOM collection for host filesystems is enabled +*/}} +{{- define "should-enable-sbom-host-fs-collection" -}} + {{- if and (.Values.datadog.sbom.host.enabled) (not (or .Values.providers.gke.autopilot .Values.providers.gke.gdc)) -}} + true + {{- else -}} + false + {{- end -}} +{{- end -}} + {{/* Return true if language detection feature is enabled */}} @@ -1004,14 +1024,13 @@ Create RBACs for custom resources Returns true if process-related checks should run on the core agent. */}} {{- define "should-run-process-checks-on-core-agent" -}} - {{- if .Values.providers.gke.gdc -}} + {{- if or .Values.providers.gke.gdc .Values.providers.gke.autopilot -}} false - {{- end -}} - {{- if ne .Values.targetSystem "linux" -}} + {{- else if ne .Values.targetSystem "linux" -}} false {{- else if (ne (include "get-process-checks-in-core-agent-envvar" .) "") -}} {{- include "get-process-checks-in-core-agent-envvar" . -}} - {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.57.0-0" (include "get-agent-version" .)) -}} + {{- else if and (not .Values.agents.image.doNotCheckTag) .Values.datadog.processAgent.runInCoreAgent (semverCompare ">=7.60.0-0" (include "get-agent-version" .)) -}} true {{- else -}} false diff --git a/charts/datadog/templates/_kubernetes_apiserver_config.yaml b/charts/datadog/templates/_kubernetes_apiserver_config.yaml index 208e21594..b1849c6d0 100644 --- a/charts/datadog/templates/_kubernetes_apiserver_config.yaml +++ b/charts/datadog/templates/_kubernetes_apiserver_config.yaml @@ -1,13 +1,19 @@ {{- define "kubernetes_apiserver-config" -}} -{{- if .Values.datadog.collectEvents -}} +{{- if eq (include "need-kubernetes-apiserver-check-config" .) "true" }} kubernetes_apiserver.yaml: |- init_config: instances: - - filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} + - +{{- if .Values.datadog.collectEvents }} + filtering_enabled: {{ .Values.datadog.kubernetesEvents.filteringEnabled }} unbundle_events: {{ .Values.datadog.kubernetesEvents.unbundleEvents }} {{- if .Values.datadog.kubernetesEvents.unbundleEvents }} collected_event_types: {{ .Values.datadog.kubernetesEvents.collectedEventTypes | toYaml | nindent 8 }} {{- end -}} +{{- end }} +{{- if .Values.clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus }} + use_component_status: false +{{- end }} {{- end -}} {{- end -}} diff --git a/charts/datadog/templates/_otel_agent_config.yaml b/charts/datadog/templates/_otel_agent_config.yaml index dd18d93c4..f0edd35c3 100644 --- a/charts/datadog/templates/_otel_agent_config.yaml +++ b/charts/datadog/templates/_otel_agent_config.yaml @@ -21,6 +21,7 @@ otel-config.yaml: {{- if .Values.datadog.otelCollector.config }} {{ toYaml .Valu datadog: api: key: ${env:DD_API_KEY} + site: {{ .Values.datadog.site | default "" | quote }} processors: infraattributes: cardinality: 2 diff --git a/charts/datadog/templates/cluster-agent-deployment.yaml b/charts/datadog/templates/cluster-agent-deployment.yaml index 1eb9c4fbb..de82b3615 100644 --- a/charts/datadog/templates/cluster-agent-deployment.yaml +++ b/charts/datadog/templates/cluster-agent-deployment.yaml @@ -258,6 +258,10 @@ spec: - name: DD_ADMISSION_CONTROLLER_CWS_INSTRUMENTATION_MODE value: {{ .Values.clusterAgent.admissionController.cwsInstrumentation.mode | quote }} {{- end }} + {{- if .Values.clusterAgent.admissionController.kubernetesAdmissionEvents.enabled }} + - name: DD_ADMISSION_CONTROLLER_KUBERNETES_ADMISSION_EVENTS_ENABLED + value: "true" + {{- end }} {{ include "ac-agent-sidecar-env" . | nindent 10 }} - name: DD_REMOTE_CONFIGURATION_ENABLED value: {{ include "clusterAgent-remoteConfiguration-enabled" . | quote }} @@ -277,6 +281,10 @@ spec: - name: DD_APM_INSTRUMENTATION_LIB_VERSIONS value: {{ .Values.datadog.apm.instrumentation.libVersions | toJson | quote }} {{- end }} + {{- if .Values.datadog.apm.instrumentation.injector.imageTag }} + - name: DD_APM_INSTRUMENTATION_INJECTOR_IMAGE_TAG + value: {{ .Values.datadog.apm.instrumentation.injector.imageTag | quote }} + {{- end }} {{- if .Values.datadog.asm.threats.enabled }} - name: DD_ADMISSION_CONTROLLER_AUTO_INSTRUMENTATION_APPSEC_ENABLED value: "true" @@ -324,6 +332,8 @@ spec: - name: DD_COLLECT_KUBERNETES_EVENTS value: {{ .Values.datadog.collectEvents | quote }} {{- end }} + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: {{ .Values.datadog.kubernetesUseEndpointSlices | quote }} - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: {{ .Values.datadog.kubernetesEvents.sourceDetectionEnabled | quote }} - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME @@ -476,7 +486,7 @@ spec: - key: helm.yaml path: helm.yaml {{- end }} -{{- if .Values.datadog.collectEvents }} +{{- if eq (include "need-kubernetes-apiserver-check-config" .) "true" }} - key: kubernetes_apiserver.yaml path: kubernetes_apiserver.yaml {{- end }} diff --git a/charts/datadog/templates/cluster-agent-rbac.yaml b/charts/datadog/templates/cluster-agent-rbac.yaml index 2da18ea9b..8bf355ebb 100644 --- a/charts/datadog/templates/cluster-agent-rbac.yaml +++ b/charts/datadog/templates/cluster-agent-rbac.yaml @@ -29,6 +29,14 @@ rules: - list - watch - create +- apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch - apiGroups: ["quota.openshift.io"] resources: - clusterresourcequotas @@ -249,7 +257,7 @@ rules: - mutatingwebhookconfigurations resourceNames: - {{ .Values.clusterAgent.admissionController.webhookName | quote }} - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: - admissionregistration.k8s.io resources: diff --git a/charts/datadog/templates/rbac.yaml b/charts/datadog/templates/rbac.yaml index 2d555d52f..919808f88 100644 --- a/charts/datadog/templates/rbac.yaml +++ b/charts/datadog/templates/rbac.yaml @@ -129,6 +129,13 @@ rules: resources: ["secrets"] verbs: ["get"] {{- end }} +- apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics + - "metrics.eks.amazonaws.com" + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get --- apiVersion: {{ template "rbac.apiVersion" . }} kind: ClusterRoleBinding diff --git a/charts/datadog/templates/system-probe-configmap.yaml b/charts/datadog/templates/system-probe-configmap.yaml index 4897b7bb9..d769235d2 100644 --- a/charts/datadog/templates/system-probe-configmap.yaml +++ b/charts/datadog/templates/system-probe-configmap.yaml @@ -43,6 +43,10 @@ data: conntrack_init_timeout: {{ $.Values.datadog.systemProbe.conntrackInitTimeout }} service_monitoring_config: enabled: {{ $.Values.datadog.serviceMonitoring.enabled }} + {{- if not (eq .Values.datadog.discovery.enabled nil) }} + discovery: + enabled: {{ $.Values.datadog.discovery.enabled }} + {{- end }} runtime_security_config: enabled: {{ $.Values.datadog.securityAgent.runtime.enabled }} fim_enabled: {{ $.Values.datadog.securityAgent.runtime.fimEnabled }} diff --git a/charts/datadog/values.yaml b/charts/datadog/values.yaml index f4c48d012..10859f1db 100644 --- a/charts/datadog/values.yaml +++ b/charts/datadog/values.yaml @@ -257,8 +257,6 @@ datadog: # datadog.kubernetesResourcesLabelsAsTags -- Provide a mapping of Kubernetes Resources Labels to Datadog Tags kubernetesResourcesLabelsAsTags: {} - # deployments.apps: - # x-team: team-from-label # pods: # x-ref: reference # namespaces: @@ -268,8 +266,6 @@ datadog: # datadog.kubernetesResourcesAnnotationsAsTags -- Provide a mapping of Kubernetes Resources Annotations to Datadog Tags kubernetesResourcesAnnotationsAsTags: {} - # deployments.apps: - # x-team: team-from-annotation # pods: # x-ann: annotation-reference # namespaces: @@ -390,6 +386,9 @@ datadog: ## ref: https://docs.datadoghq.com/agent/kubernetes/#event-collection collectEvents: true + # datadog.kubernetesUseEndpointSlices -- Enable this to map Kubernetes services to endpointslices instead of endpoints. (Requires Cluster Agent 7.62.0+). + kubernetesUseEndpointSlices: false + # Configure Kubernetes events collection kubernetesEvents: # datadog.kubernetesEvents.sourceDetectionEnabled -- Enable this to map Kubernetes events to integration sources based on controller names. (Requires Cluster Agent 7.56.0+). @@ -539,6 +538,11 @@ datadog: # datadog.apm.instrumentation.language_detection.enabled -- Run language detection to automatically detect languages of user workloads (beta). enabled: true + # This feature is in preview. It requires Cluster Agent 7.57+. + injector: + # datadog.apm.instrumentation.injector.imageTag -- The image tag to use for the APM Injector (preview). + imageTag: "" + ## Application Security Managment (ASM) configuration ## ## ASM is disabled by default and can be enabled by setting the various `enabled` fields to `true` under the `datadog.asm` section. @@ -696,8 +700,8 @@ datadog: processDiscovery: true # datadog.processAgent.runInCoreAgent -- Set this to true to run the following features in the core agent: Live Processes, Live Containers, Process Discovery. - ## This requires Agent 7.57.0+ and Linux. - runInCoreAgent: false + ## This requires Agent 7.60.0+ and Linux. + runInCoreAgent: true # datadog.processAgent.containerCollection -- Set this to true to enable container collection ## ref: https://docs.datadoghq.com/infrastructure/containers/?tab=helm @@ -830,6 +834,10 @@ datadog: # datadog.serviceMonitoring.enabled -- Enable Universal Service Monitoring enabled: false + discovery: + # datadog.discovery.enabled -- (bool) Enable Service Discovery + enabled: # false + # Software Bill of Materials configuration sbom: containerImage: @@ -1026,7 +1034,7 @@ clusterAgent: name: cluster-agent # clusterAgent.image.tag -- Cluster Agent image tag to use - tag: 7.59.0 + tag: 7.62.0 # clusterAgent.image.digest -- Cluster Agent image digest to use, takes precedence over tag if specified digest: "" @@ -1221,6 +1229,10 @@ clusterAgent: # Options are "remote_copy" or "init_container" mode: remote_copy + kubernetesAdmissionEvents: + # clusterAgent.admissionController.kubernetesAdmissionEvents.enabled -- Enable the Kubernetes Admission Events feature. + enabled: false + agentSidecarInjection: # clusterAgent.admissionController.agentSidecarInjection.enabled -- Enables Datadog Agent sidecar injection. @@ -1303,6 +1315,11 @@ clusterAgent: # username: datadog # password: + ## clusterAgent.kubernetesApiserverCheck -- correspond to options for configuring the kube_apiserver integration. + kubernetesApiserverCheck: + # clusterAgent.kubernetesApiserverCheck.disableUseComponentStatus -- Set this to true to disable use_component_status for the kube_apiserver integration. + disableUseComponentStatus: false + # clusterAgent.resources -- Datadog cluster-agent resource requests and limits. resources: {} # requests: @@ -1543,7 +1560,7 @@ agents: name: agent # agents.image.tag -- Define the Agent version to use - tag: 7.59.0 + tag: 7.62.0 # agents.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" @@ -2049,7 +2066,7 @@ clusterChecksRunner: name: agent # clusterChecksRunner.image.tag -- Define the Agent version to use - tag: 7.59.0 + tag: 7.62.0 # clusterChecksRunner.image.digest -- Define Agent image digest to use, takes precedence over tag if specified digest: "" diff --git a/charts/observability-pipelines-worker/CHANGELOG.md b/charts/observability-pipelines-worker/CHANGELOG.md index 8343fb4c1..29a623fc6 100644 --- a/charts/observability-pipelines-worker/CHANGELOG.md +++ b/charts/observability-pipelines-worker/CHANGELOG.md @@ -1,5 +1,13 @@ # Changelog +## 2.3.0 + +* Official image `2.3.0` + +## 2.2.3 + +* Official image `2.2.3` + ## 2.2.2 * Official image `2.2.2` diff --git a/charts/observability-pipelines-worker/Chart.yaml b/charts/observability-pipelines-worker/Chart.yaml index 5029e59d3..367c868c8 100644 --- a/charts/observability-pipelines-worker/Chart.yaml +++ b/charts/observability-pipelines-worker/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: observability-pipelines-worker -version: "2.2.2" +version: "2.3.0" description: Observability Pipelines Worker type: application keywords: @@ -13,7 +13,7 @@ icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png maintainers: - name: Datadog email: support@datadoghq.com -appVersion: "2.2.2" +appVersion: "2.3.0" annotations: artifacthub.io/links: | - name: Chart Source diff --git a/charts/observability-pipelines-worker/README.md b/charts/observability-pipelines-worker/README.md index 45a1b3c03..4054396a4 100644 --- a/charts/observability-pipelines-worker/README.md +++ b/charts/observability-pipelines-worker/README.md @@ -1,6 +1,6 @@ # Observability Pipelines Worker -![Version: 2.2.2](https://img.shields.io/badge/Version-2.2.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.2.2](https://img.shields.io/badge/AppVersion-2.2.2-informational?style=flat-square) +![Version: 2.3.0](https://img.shields.io/badge/Version-2.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.3.0](https://img.shields.io/badge/AppVersion-2.3.0-informational?style=flat-square) ## How to use Datadog Helm repository @@ -110,7 +110,7 @@ The command removes all the Kubernetes components associated with the chart and | image.pullPolicy | string | `"IfNotPresent"` | Specify the [pullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy). | | image.pullSecrets | list | `[]` | Specify the [imagePullSecrets](https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod). | | image.repository | string | `"gcr.io/datadoghq"` | Specify the image repository to use. | -| image.tag | string | `"2.2.2"` | Specify the image tag to use. | +| image.tag | string | `"2.3.0"` | Specify the image tag to use. | | ingress.annotations | object | `{}` | Specify annotations for the Ingress. | | ingress.className | string | `""` | Specify the [ingressClassName](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress), requires Kubernetes >= 1.18. | | ingress.enabled | bool | `false` | If **true**, create an Ingress resource. | diff --git a/charts/observability-pipelines-worker/values.yaml b/charts/observability-pipelines-worker/values.yaml index 12db3e3ea..81e3f6f1e 100644 --- a/charts/observability-pipelines-worker/values.yaml +++ b/charts/observability-pipelines-worker/values.yaml @@ -42,7 +42,7 @@ image: # image.name -- Specify the image name to use (relative to `image.repository`). name: observability-pipelines-worker # image.tag -- Specify the image tag to use. - tag: 2.2.2 + tag: 2.3.0 # image.digest -- (string) Specify the image digest to use; takes precedence over `image.tag`. digest: ## Currently, we offer images at: diff --git a/charts/private-action-runner/CHANGELOG.md b/charts/private-action-runner/CHANGELOG.md index fb7d362c5..0307f7a95 100644 --- a/charts/private-action-runner/CHANGELOG.md +++ b/charts/private-action-runner/CHANGELOG.md @@ -1,5 +1,21 @@ # Datadog changelog +## 0.15.4 + +* Update private action image version to `v0.1.10-beta` + +## 0.15.3 + +* Update private action image version to `v0.1.9-beta` + +## 0.15.2 + +* Update private action image version to `v0.1.8-beta` + +## 0.15.1 + +* Update private action image version to `v0.1.6-beta` + ## 0.15.0 * Update private action image version to `v0.1.5-beta` diff --git a/charts/private-action-runner/Chart.yaml b/charts/private-action-runner/Chart.yaml index a6f65933a..e0a6d1dc4 100644 --- a/charts/private-action-runner/Chart.yaml +++ b/charts/private-action-runner/Chart.yaml @@ -3,7 +3,7 @@ name: private-action-runner description: A Helm chart to deploy the private action runner type: application -version: 0.15.0 +version: 0.15.4 appVersion: "1.22.0" keywords: - app builder diff --git a/charts/private-action-runner/README.md b/charts/private-action-runner/README.md index e0f476e0a..e95c90477 100644 --- a/charts/private-action-runner/README.md +++ b/charts/private-action-runner/README.md @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![AppVersion: v0.1.5-beta](https://img.shields.io/badge/AppVersion-v0.1.5--beta-informational?style=flat-square) +![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. @@ -42,7 +42,7 @@ helm repo update | Key | Type | Default | Description | |-----|------|---------|-------------| -| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.5-beta"}` | Current Datadog Private Action Runner image | +| common.image | object | `{"repository":"gcr.io/datadoghq/private-action-runner","tag":"v0.1.10-beta"}` | Current Datadog Private Action Runner image | | credentialFiles | list | `[]` | List of credential files to be used by the Datadog Private Action Runner | | runners[0].config | object | `{"actionsAllowlist":[],"ddBaseURL":"https://app.datadoghq.com","modes":["workflowAutomation","appBuilder"],"port":9016,"privateKey":"CHANGE_ME_PRIVATE_KEY_FROM_CONFIG","urn":"CHANGE_ME_URN_FROM_CONFIG"}` | Configuration for the Datadog Private Action Runner | | runners[0].config.actionsAllowlist | list | `[]` | List of actions that the Datadog Private Action Runner is allowed to execute | diff --git a/charts/private-action-runner/README.md.gotmpl b/charts/private-action-runner/README.md.gotmpl index a7cb66089..be874474a 100644 --- a/charts/private-action-runner/README.md.gotmpl +++ b/charts/private-action-runner/README.md.gotmpl @@ -1,6 +1,6 @@ # Datadog Private Action Runner -![Version: 0.15.0](https://img.shields.io/badge/Version-0.15.0-informational?style=flat-square) ![AppVersion: v0.1.5-beta](https://img.shields.io/badge/AppVersion-v0.1.5--beta-informational?style=flat-square) +![Version: 0.15.4](https://img.shields.io/badge/Version-0.15.4-informational?style=flat-square) ![AppVersion: v0.1.10-beta](https://img.shields.io/badge/AppVersion-v0.1.6--beta-informational?style=flat-square) This Helm Chart deploys the Datadog Private Action runner inside a Kubernetes cluster. It allows you to use private actions from the Datadog Workflow and Datadog App Builder products. When deploying this chart, you can give permissions to the runner in order to be able to run Kubernetes actions. diff --git a/charts/private-action-runner/values.yaml b/charts/private-action-runner/values.yaml index 8b453c4d9..5fefaa9cf 100644 --- a/charts/private-action-runner/values.yaml +++ b/charts/private-action-runner/values.yaml @@ -6,7 +6,7 @@ common: # -- Current Datadog Private Action Runner image image: repository: gcr.io/datadoghq/private-action-runner - tag: v0.1.5-beta + tag: v0.1.10-beta runners: # runners[0].name -- Name of the Datadog Private Action Runner diff --git a/charts/synthetics-private-location/CHANGELOG.md b/charts/synthetics-private-location/CHANGELOG.md index a8bc6cf18..6e417352f 100644 --- a/charts/synthetics-private-location/CHANGELOG.md +++ b/charts/synthetics-private-location/CHANGELOG.md @@ -1,5 +1,13 @@ # Datadog changelog +## 0.17.6 + +* Add optional annotations for service account. + +## 0.17.5 + +* Update private location image version to `1.54.0`. + ## 0.17.4 * Update private location image version to `1.53.0`. diff --git a/charts/synthetics-private-location/Chart.yaml b/charts/synthetics-private-location/Chart.yaml index 1effbb319..7d230dc66 100644 --- a/charts/synthetics-private-location/Chart.yaml +++ b/charts/synthetics-private-location/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: synthetics-private-location -version: 0.17.4 -appVersion: 1.53.0 +version: 0.17.6 +appVersion: 1.54.0 description: Datadog Synthetics Private Location keywords: - monitoring diff --git a/charts/synthetics-private-location/README.md b/charts/synthetics-private-location/README.md index 7ea53f254..ca6824c55 100644 --- a/charts/synthetics-private-location/README.md +++ b/charts/synthetics-private-location/README.md @@ -1,6 +1,6 @@ # Datadog Synthetics Private Location -![Version: 0.17.4](https://img.shields.io/badge/Version-0.17.4-informational?style=flat-square) ![AppVersion: 1.53.0](https://img.shields.io/badge/AppVersion-1.53.0-informational?style=flat-square) +![Version: 0.17.6](https://img.shields.io/badge/Version-0.17.6-informational?style=flat-square) ![AppVersion: 1.54.0](https://img.shields.io/badge/AppVersion-1.54.0-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds a Datadog Synthetics Private Location Deployment. For more information about synthetics monitoring with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/synthetics/private_locations/?tab=helmchart). @@ -41,7 +41,7 @@ helm install datadog/synthetics-private-location --set-file confi | hostAliases | list | `[]` | Add entries to Datadog Synthetics Private Location PODs' /etc/hosts | | image.pullPolicy | string | `"IfNotPresent"` | Define the pullPolicy for Datadog Synthetics Private Location image | | image.repository | string | `"gcr.io/datadoghq/synthetics-private-location-worker"` | Repository to use for Datadog Synthetics Private Location image | -| image.tag | string | `"1.53.0"` | Define the Datadog Synthetics Private Location version to use | +| image.tag | string | `"1.54.0"` | Define the Datadog Synthetics Private Location version to use | | imagePullSecrets | list | `[]` | Datadog Synthetics Private Location repository pullSecret (ex: specify docker registry credentials) | | nameOverride | string | `""` | Override name of app | | nodeSelector | object | `{}` | Allows to schedule Datadog Synthetics Private Location on specific nodes | @@ -53,6 +53,7 @@ helm install datadog/synthetics-private-location --set-file confi | replicaCount | int | `1` | Number of instances of Datadog Synthetics Private Location | | resources | object | `{}` | Set resources requests/limits for Datadog Synthetics Private Location PODs | | securityContext | object | `{}` | Security context to set to the Datadog Synthetics Private Location container | +| serviceAccount.annotations | object | `{}` | Annotations for the service account | | serviceAccount.create | bool | `true` | Specifies whether a service account should be created | | serviceAccount.name | string | `""` | The name of the service account to use. If not set name is generated using the fullname template | | tolerations | list | `[]` | Allows to schedule Datadog Synthetics Private Location on tainted nodes | diff --git a/charts/synthetics-private-location/templates/service_account.yaml b/charts/synthetics-private-location/templates/service_account.yaml index e4b556b71..0f6caa868 100644 --- a/charts/synthetics-private-location/templates/service_account.yaml +++ b/charts/synthetics-private-location/templates/service_account.yaml @@ -5,4 +5,8 @@ metadata: name: {{ template "synthetics-private-location.serviceAccountName" . }} labels: {{ include "synthetics-private-location.labels" . | indent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} {{- end -}} diff --git a/charts/synthetics-private-location/values.yaml b/charts/synthetics-private-location/values.yaml index e1bb1e48c..c92dfd539 100644 --- a/charts/synthetics-private-location/values.yaml +++ b/charts/synthetics-private-location/values.yaml @@ -15,7 +15,7 @@ image: # image.pullPolicy -- Define the pullPolicy for Datadog Synthetics Private Location image pullPolicy: IfNotPresent # image.tag -- Define the Datadog Synthetics Private Location version to use - tag: 1.53.0 + tag: 1.54.0 # dnsPolicy -- DNS Policy to set to the Datadog Synthetics Private Location PODs dnsPolicy: ClusterFirst @@ -34,6 +34,8 @@ serviceAccount: create: true # serviceAccount.name -- The name of the service account to use. If not set name is generated using the fullname template name: "" + # serviceAccount.annotations -- Annotations for the service account + annotations: {} # Create a ConfigMap containing the PEM files of your custom CA Root certificate # Then add it as an extra volume mounted on /etc/datadog/certs/ diff --git a/crds/datadoghq.com_datadogagentprofiles.yaml b/crds/datadoghq.com_datadogagentprofiles.yaml index c080a083f..d0e4501c5 100644 --- a/crds/datadoghq.com_datadogagentprofiles.yaml +++ b/crds/datadoghq.com_datadogagentprofiles.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagentprofiles.datadoghq.com spec: group: datadoghq.com @@ -91,10 +91,13 @@ spec: description: The key to select. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the ConfigMap or its key must be defined @@ -147,10 +150,13 @@ spec: description: The key of the secret to select from. Must be a valid secret key. type: string name: + default: "" description: |- Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid? type: string optional: description: Specify whether the Secret or its key must be defined @@ -178,11 +184,9 @@ spec: Claims lists the names of resources, defined in spec.resourceClaims, that are used by this container. - This is an alpha field and requires enabling the DynamicResourceAllocation feature gate. - This field is immutable. It can only be set for containers. items: description: ResourceClaim references one entry in PodSpec.ResourceClaims. @@ -193,6 +197,12 @@ spec: the Pod where this field is used. It makes that resource available inside a container. type: string + request: + description: |- + Request is the name chosen for a request in the referenced claim. + If empty, everything from the claim is made available, otherwise + only the result of this request. + type: string required: - name type: object @@ -244,6 +254,12 @@ spec: If not specified, the pod priority will be default or zero if there is no default. type: string + runtimeClassName: + description: |- + If specified, indicates the pod's RuntimeClass kubelet should use to run the pod. + If the named RuntimeClass does not exist, or the CRI cannot run the corresponding handler, the pod enters the Failed terminal phase. + If no runtimeClassName is specified, the default RuntimeHandler is used, which is equivalent to the behavior when the RuntimeClass feature is disabled. + type: string updateStrategy: description: |- The deployment strategy to use to replace existing pods with new ones. @@ -306,6 +322,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator @@ -322,24 +339,7 @@ spec: conditions: description: Conditions represents the latest available observations of a DatadogAgentProfile's current state. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -380,12 +380,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/crds/datadoghq.com_datadogagents.yaml b/crds/datadoghq.com_datadogagents.yaml index b8a5b538c..05deca222 100644 --- a/crds/datadoghq.com_datadogagents.yaml +++ b/crds/datadoghq.com_datadogagents.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com spec: group: datadoghq.com @@ -65,6 +65,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -89,6 +90,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -127,6 +129,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -149,6 +152,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -196,11 +201,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -220,11 +227,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -246,12 +255,27 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -683,6 +707,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -772,6 +859,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: @@ -785,6 +877,8 @@ spec: type: object global: properties: + checksTagCardinality: + type: string clusterAgentToken: type: string clusterAgentTokenSecret: @@ -875,6 +969,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -913,6 +1008,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -972,6 +1068,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -994,6 +1091,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1032,6 +1131,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1070,6 +1170,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1130,11 +1231,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1165,6 +1268,8 @@ spec: type: object registry: type: string + runProcessChecksInCoreAgent: + type: boolean secretBackend: properties: args: @@ -1183,6 +1288,9 @@ spec: type: string type: array x-kubernetes-list-type: set + required: + - namespace + - secrets type: object type: array x-kubernetes-list-type: atomic @@ -1221,11 +1329,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1237,11 +1347,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -1252,6 +1364,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1268,11 +1381,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1284,14 +1399,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -1317,17 +1435,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1341,11 +1471,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1356,6 +1488,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1369,6 +1502,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1385,17 +1519,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1409,11 +1555,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1424,12 +1572,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1451,17 +1601,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1475,11 +1637,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1490,6 +1654,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1503,6 +1668,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1519,17 +1685,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1543,11 +1721,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1558,12 +1738,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -1599,6 +1781,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1637,6 +1820,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1663,6 +1847,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1673,6 +1858,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1693,6 +1879,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1745,6 +1932,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1755,6 +1943,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1775,6 +1964,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1822,6 +2012,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1883,16 +2075,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1940,6 +2143,87 @@ spec: type: string type: object type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object volumeMounts: items: properties: @@ -1951,6 +2235,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -1966,6 +2252,8 @@ spec: x-kubernetes-list-type: map type: object type: object + createPodDisruptionBudget: + type: boolean createRbac: type: boolean customConfigurations: @@ -2006,6 +2294,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic options: items: properties: @@ -2015,10 +2304,12 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic searches: items: type: string type: array + x-kubernetes-list-type: atomic type: object dnsPolicy: type: string @@ -2036,6 +2327,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2074,6 +2366,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2095,6 +2388,7 @@ spec: configMapRef: properties: name: + default: "" type: string optional: type: boolean @@ -2105,6 +2399,7 @@ spec: secretRef: properties: name: + default: "" type: string optional: type: boolean @@ -2188,6 +2483,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2210,8 +2506,19 @@ spec: replicas: format: int32 type: integer + runtimeClassName: + type: string securityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -2250,6 +2557,9 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2262,6 +2572,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -2341,10 +2652,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2368,6 +2681,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -2377,6 +2691,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2394,6 +2709,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2422,7 +2738,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2437,6 +2755,7 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2492,6 +2811,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -2516,6 +2836,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2545,18 +2866,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2587,11 +2896,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2600,6 +2911,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -2622,10 +2935,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -2642,6 +2957,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2701,6 +3017,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -2714,6 +3037,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -2722,11 +3046,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2788,6 +3114,45 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -2805,7 +3170,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2851,6 +3218,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -2869,7 +3237,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2889,6 +3259,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -2915,22 +3286,27 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -2939,6 +3315,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -2949,12 +3326,14 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -2987,6 +3366,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -3001,6 +3381,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3234,6 +3615,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3258,6 +3640,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3296,6 +3679,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3318,6 +3702,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -3365,11 +3751,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3389,11 +3777,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3415,12 +3805,27 @@ spec: type: boolean failurePolicy: type: string + kubernetesAdmissionEvents: + properties: + enabled: + type: boolean + type: object mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -3852,6 +4257,69 @@ spec: scrubContainers: type: boolean type: object + otelCollector: + properties: + conf: + properties: + configData: + type: string + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + x-kubernetes-list-map-keys: + - key + x-kubernetes-list-type: map + name: + type: string + type: object + type: object + coreConfig: + properties: + enabled: + type: boolean + extensionTimeout: + type: integer + extensionURL: + type: string + type: object + enabled: + type: boolean + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-type: atomic + type: object otlp: properties: receiver: @@ -3941,6 +4409,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: diff --git a/crds/datadoghq.com_datadogdashboards.yaml b/crds/datadoghq.com_datadogdashboards.yaml index 608dccf89..6c4f9252f 100644 --- a/crds/datadoghq.com_datadogdashboards.yaml +++ b/crds/datadoghq.com_datadogdashboards.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogdashboards.datadoghq.com spec: group: datadoghq.com @@ -153,24 +153,7 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogDashboard. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -211,12 +194,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/crds/datadoghq.com_datadogmetrics.yaml b/crds/datadoghq.com_datadogmetrics.yaml index 7a886335f..2aec4afbd 100644 --- a/crds/datadoghq.com_datadogmetrics.yaml +++ b/crds/datadoghq.com_datadogmetrics.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmetrics.datadoghq.com spec: group: datadoghq.com diff --git a/crds/datadoghq.com_datadogmonitors.yaml b/crds/datadoghq.com_datadogmonitors.yaml index 11c854954..dc58b1133 100644 --- a/crds/datadoghq.com_datadogmonitors.yaml +++ b/crds/datadoghq.com_datadogmonitors.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogmonitors.datadoghq.com spec: group: datadoghq.com diff --git a/crds/datadoghq.com_datadogpodautoscalers.yaml b/crds/datadoghq.com_datadogpodautoscalers.yaml index fc1a26779..5a30875db 100644 --- a/crds/datadoghq.com_datadogpodautoscalers.yaml +++ b/crds/datadoghq.com_datadogpodautoscalers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogpodautoscalers.datadoghq.com spec: group: datadoghq.com @@ -225,6 +225,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. @@ -291,6 +299,14 @@ spec: type: object type: array x-kubernetes-list-type: atomic + stabilizationWindowSeconds: + description: |- + StabilizationWindowSeconds is the number of seconds the controller should lookback at previous recommendations + before deciding to apply a new one. Defaults to 0. + format: int32 + maximum: 1800 + minimum: 0 + type: integer strategy: description: |- Strategy is used to specify which policy should be used. diff --git a/crds/datadoghq.com_datadogslos.yaml b/crds/datadoghq.com_datadogslos.yaml index 3098d729c..1033ce065 100644 --- a/crds/datadoghq.com_datadogslos.yaml +++ b/crds/datadoghq.com_datadogslos.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogslos.datadoghq.com spec: group: datadoghq.com @@ -137,24 +137,7 @@ spec: conditions: description: Conditions represents the latest available observations of the state of a DatadogSLO. items: - description: |- - Condition contains details for one aspect of the current state of this API Resource. - --- - This struct is intended for direct use as an array at the field path .status.conditions. For example, - - - type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: "Available", "Progressing", and "Degraded" - // +patchMergeKey=type - // +patchStrategy=merge - // +listType=map - // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` - - - // other fields - } + description: Condition contains details for one aspect of the current state of this API Resource. properties: lastTransitionTime: description: |- @@ -195,12 +178,7 @@ spec: - Unknown type: string type: - description: |- - type of condition in CamelCase or in foo.example.com/CamelCase. - --- - Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be - useful (see .node.status.conditions), the ability to deconflict is important. - The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + description: type of condition in CamelCase or in foo.example.com/CamelCase. maxLength: 316 pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ type: string diff --git a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml index 2b46bb5d6..0a364f99e 100644 --- a/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml +++ b/test/datadog-operator/baseline/DatadogAgent_CRD_default.yaml @@ -4,10 +4,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.16.3 name: datadogagents.datadoghq.com labels: - helm.sh/chart: 'datadogCRDs-2.2.0' + helm.sh/chart: 'datadogCRDs-2.3.0' app.kubernetes.io/managed-by: 'Helm' app.kubernetes.io/name: 'datadogCRDs' app.kubernetes.io/instance: 'datadog-operator' @@ -71,6 +71,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -95,6 +96,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -133,6 +135,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -155,6 +158,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -202,11 +207,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -226,11 +233,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -254,10 +263,20 @@ spec: type: string mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -778,6 +797,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: @@ -791,6 +815,8 @@ spec: type: object global: properties: + checksTagCardinality: + type: string clusterAgentToken: type: string clusterAgentTokenSecret: @@ -881,6 +907,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -919,6 +946,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -978,6 +1006,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -1000,6 +1029,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1038,6 +1069,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1076,6 +1108,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1136,11 +1169,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1171,6 +1206,8 @@ spec: type: object registry: type: string + runProcessChecksInCoreAgent: + type: boolean secretBackend: properties: args: @@ -1189,6 +1226,9 @@ spec: type: string type: array x-kubernetes-list-type: set + required: + - namespace + - secrets type: object type: array x-kubernetes-list-type: atomic @@ -1227,11 +1267,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1243,11 +1285,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic weight: @@ -1258,6 +1302,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: properties: nodeSelectorTerms: @@ -1274,11 +1319,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchFields: items: properties: @@ -1290,14 +1337,17 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic type: object x-kubernetes-map-type: atomic type: array + x-kubernetes-list-type: atomic required: - nodeSelectorTerms type: object @@ -1323,17 +1373,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1347,11 +1409,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1362,6 +1426,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1375,6 +1440,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1391,17 +1457,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1415,11 +1493,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1430,12 +1510,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object podAntiAffinity: properties: @@ -1457,17 +1539,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1481,11 +1575,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1496,6 +1592,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: @@ -1509,6 +1606,7 @@ spec: - weight type: object type: array + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: items: properties: @@ -1525,17 +1623,29 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string type: object type: object x-kubernetes-map-type: atomic + matchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic + mismatchLabelKeys: + items: + type: string + type: array + x-kubernetes-list-type: atomic namespaceSelector: properties: matchExpressions: @@ -1549,11 +1659,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -1564,12 +1676,14 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic topologyKey: type: string required: - topologyKey type: object type: array + x-kubernetes-list-type: atomic type: object type: object annotations: @@ -1605,6 +1719,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1643,6 +1758,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -1669,6 +1785,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1679,6 +1796,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1699,6 +1817,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1751,6 +1870,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object failureThreshold: format: int32 @@ -1761,6 +1881,7 @@ spec: format: int32 type: integer service: + default: "" type: string required: - port @@ -1781,6 +1902,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic path: type: string port: @@ -1828,6 +1950,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -1889,16 +2013,27 @@ spec: properties: allowPrivilegeEscalation: type: boolean + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object capabilities: properties: add: items: type: string type: array + x-kubernetes-list-type: atomic drop: items: type: string type: array + x-kubernetes-list-type: atomic type: object privileged: type: boolean @@ -1946,6 +2081,87 @@ spec: type: string type: object type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + default: "" + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + x-kubernetes-list-type: atomic + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object volumeMounts: items: properties: @@ -1957,6 +2173,8 @@ spec: type: string readOnly: type: boolean + recursiveReadOnly: + type: string subPath: type: string subPathExpr: @@ -1972,6 +2190,8 @@ spec: x-kubernetes-list-type: map type: object type: object + createPodDisruptionBudget: + type: boolean createRbac: type: boolean customConfigurations: @@ -2012,6 +2232,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic options: items: properties: @@ -2021,10 +2242,12 @@ spec: type: string type: object type: array + x-kubernetes-list-type: atomic searches: items: type: string type: array + x-kubernetes-list-type: atomic type: object dnsPolicy: type: string @@ -2042,6 +2265,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2080,6 +2304,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -2101,6 +2326,7 @@ spec: configMapRef: properties: name: + default: "" type: string optional: type: boolean @@ -2111,6 +2337,7 @@ spec: secretRef: properties: name: + default: "" type: string optional: type: boolean @@ -2194,6 +2421,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2218,6 +2446,15 @@ spec: type: integer securityContext: properties: + appArmorProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object fsGroup: format: int64 type: integer @@ -2256,6 +2493,9 @@ spec: format: int64 type: integer type: array + x-kubernetes-list-type: atomic + supplementalGroupsPolicy: + type: string sysctls: items: properties: @@ -2268,6 +2508,7 @@ spec: - value type: object type: array + x-kubernetes-list-type: atomic windowsOptions: properties: gmsaCredentialSpec: @@ -2347,10 +2588,12 @@ spec: diskURI: type: string fsType: + default: ext4 type: string kind: type: string readOnly: + default: false type: boolean required: - diskName @@ -2374,6 +2617,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic path: type: string readOnly: @@ -2383,6 +2627,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2400,6 +2645,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2428,7 +2674,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2443,6 +2691,7 @@ spec: nodePublishSecretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2498,6 +2747,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object emptyDir: properties: @@ -2522,6 +2772,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic dataSource: properties: apiGroup: @@ -2551,18 +2802,6 @@ spec: type: object resources: properties: - claims: - items: - properties: - name: - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map limits: additionalProperties: anyOf: @@ -2593,11 +2832,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -2606,6 +2847,8 @@ spec: x-kubernetes-map-type: atomic storageClassName: type: string + volumeAttributesClassName: + type: string volumeMode: type: string volumeName: @@ -2628,10 +2871,12 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic wwids: items: type: string type: array + x-kubernetes-list-type: atomic type: object flexVolume: properties: @@ -2648,6 +2893,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2707,6 +2953,13 @@ spec: required: - path type: object + image: + properties: + pullPolicy: + type: string + reference: + type: string + type: object iscsi: properties: chapAuthDiscovery: @@ -2720,6 +2973,7 @@ spec: iqn: type: string iscsiInterface: + default: default type: string lun: format: int32 @@ -2728,11 +2982,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -2794,6 +3050,45 @@ spec: sources: items: properties: + clusterTrustBundle: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + type: object + type: object + x-kubernetes-map-type: atomic + name: + type: string + optional: + type: boolean + path: + type: string + signerName: + type: string + required: + - path + type: object configMap: properties: items: @@ -2811,7 +3106,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2857,6 +3154,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic type: object secret: properties: @@ -2875,7 +3173,9 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic name: + default: "" type: string optional: type: boolean @@ -2895,6 +3195,7 @@ spec: type: object type: object type: array + x-kubernetes-list-type: atomic type: object quobyte: properties: @@ -2921,22 +3222,27 @@ spec: image: type: string keyring: + default: /etc/ceph/keyring type: string monitors: items: type: string type: array + x-kubernetes-list-type: atomic pool: + default: rbd type: string readOnly: type: boolean secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic user: + default: admin type: string required: - image @@ -2945,6 +3251,7 @@ spec: scaleIO: properties: fsType: + default: xfs type: string gateway: type: string @@ -2955,12 +3262,14 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic sslEnabled: type: boolean storageMode: + default: ThinProvisioned type: string storagePool: type: string @@ -2993,6 +3302,7 @@ spec: - path type: object type: array + x-kubernetes-list-type: atomic optional: type: boolean secretName: @@ -3007,6 +3317,7 @@ spec: secretRef: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3240,6 +3551,7 @@ spec: items: properties: name: + default: "" type: string type: object x-kubernetes-map-type: atomic @@ -3264,6 +3576,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3302,6 +3615,7 @@ spec: key: type: string name: + default: "" type: string optional: type: boolean @@ -3324,6 +3638,8 @@ spec: properties: name: type: string + request: + type: string required: - name type: object @@ -3371,11 +3687,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3395,11 +3713,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -3423,10 +3743,20 @@ spec: type: string mutateUnlabelled: type: boolean + mutation: + properties: + enabled: + type: boolean + type: object registry: type: string serviceName: type: string + validation: + properties: + enabled: + type: boolean + type: object webhookName: type: string type: object @@ -3947,6 +4277,11 @@ spec: type: boolean type: object type: object + serviceDiscovery: + properties: + enabled: + type: boolean + type: object tcpQueueLength: properties: enabled: diff --git a/test/datadog-operator/baseline/Operator_Deployment_default.yaml b/test/datadog-operator/baseline/Operator_Deployment_default.yaml index cd52a9683..a1e2c5a8e 100644 --- a/test/datadog-operator/baseline/Operator_Deployment_default.yaml +++ b/test/datadog-operator/baseline/Operator_Deployment_default.yaml @@ -7,9 +7,9 @@ metadata: namespace: datadog-agent labels: app.kubernetes.io/name: datadog-operator - helm.sh/chart: datadog-operator-2.3.0 + helm.sh/chart: datadog-operator-2.5.1 app.kubernetes.io/instance: datadog-operator - app.kubernetes.io/version: "1.10.0" + app.kubernetes.io/version: "1.11.1" app.kubernetes.io/managed-by: Helm spec: replicas: 1 @@ -35,7 +35,7 @@ spec: serviceAccountName: datadog-operator containers: - name: datadog-operator - image: "gcr.io/datadoghq/operator:1.10.0" + image: "gcr.io/datadoghq/operator:1.11.1" imagePullPolicy: IfNotPresent env: - name: WATCH_NAMESPACE diff --git a/test/datadog-operator/operator_deployment_test.go b/test/datadog-operator/operator_deployment_test.go index d97cad2a5..9c6ffa94c 100644 --- a/test/datadog-operator/operator_deployment_test.go +++ b/test/datadog-operator/operator_deployment_test.go @@ -84,6 +84,23 @@ func Test_operator_chart(t *testing.T) { assertions: verifyLivenessProbeOverride, skipTest: SkipTest, }, + { + name: "Watch namespaces correctly set", + command: common.HelmCommand{ + ReleaseName: "datadog-operator", + ChartPath: "../../charts/datadog-operator", + ShowOnly: []string{"templates/deployment.yaml"}, + Values: []string{"../../charts/datadog-operator/values.yaml"}, + Overrides: map[string]string{ + "watchNamespaces": "{common1,common2}", + "watchNamespacesAgent": "{dda-ns}", + "watchNamespacesMonitor": "{monitor-ns}", + "watchNamespacesSLO": "{}", + }, + }, + assertions: verifyWatchNamespaces, + skipTest: SkipTest, + }, } for _, tt := range tests { @@ -104,7 +121,7 @@ func verifyDeployment(t *testing.T, manifest string) { assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) operatorContainer := deployment.Spec.Template.Spec.Containers[0] assert.Equal(t, v1.PullPolicy("IfNotPresent"), operatorContainer.ImagePullPolicy) - assert.Equal(t, "gcr.io/datadoghq/operator:1.10.0", operatorContainer.Image) + assert.Equal(t, "gcr.io/datadoghq/operator:1.11.1", operatorContainer.Image) assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=false") assert.NotContains(t, operatorContainer.Args, "-webhookEnabled=true") } @@ -131,3 +148,30 @@ func verifyLivenessProbeOverride(t *testing.T, manifest string) { assert.Equal(t, int32(20), operatorContainer.LivenessProbe.TimeoutSeconds) assert.Equal(t, int32(3), operatorContainer.LivenessProbe.FailureThreshold) } + +func verifyWatchNamespaces(t *testing.T, manifest string) { + var deployment appsv1.Deployment + common.Unmarshal(t, manifest, &deployment) + assert.Equal(t, 1, len(deployment.Spec.Template.Spec.Containers)) + operatorContainer := deployment.Spec.Template.Spec.Containers[0] + watchNsEnv := FindEnvVarByName(operatorContainer.Env, "WATCH_NAMESPACE") + agentNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_AGENT_WATCH_NAMESPACE") + monitorNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_MONITOR_WATCH_NAMESPACE") + sloNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_SLO_WATCH_NAMESPACE") + dapNsEnv := FindEnvVarByName(operatorContainer.Env, "DD_AGENT_PROFILE_WATCH_NAMESPACE") + + assert.Equal(t, "common1,common2", watchNsEnv.Value) + assert.Equal(t, "dda-ns", agentNsEnv.Value) + assert.Equal(t, "monitor-ns", monitorNsEnv.Value) + assert.Equal(t, "", sloNsEnv.Value) + assert.Nil(t, dapNsEnv) +} + +func FindEnvVarByName(envs []v1.EnvVar, name string) *v1.EnvVar { + for i, env := range envs { + if env.Name == name { + return &envs[i] + } + } + return nil +} diff --git a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml index f0d675e83..9a56dca89 100644 --- a/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml +++ b/test/datadog/baseline/agent-clusterchecks-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,8 +36,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 7252ac95e9b7a2be76a893f29be97ba3ddfa93e988f208d18a1e4e410b6b9b7a - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 82707f47b0bfc55fc39a2740339e31da8b81064a3a1af2eb7ad07b8cefca2060 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -45,7 +45,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -57,7 +57,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -70,7 +70,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" command: ["bash", "-c"] args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run diff --git a/test/datadog/baseline/cluster-agent-deployment_default.yaml b/test/datadog/baseline/cluster-agent-deployment_default.yaml index 20f97b46b..22e861306 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 789eaddd8ebf97ad196c8ccbad93bdfa98bebad0d60672807686f6587b30fe99 - checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d - checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 + checksum/clusteragent_token: 2a79fd54ee54b48b65cf8755fb30c0a8709de2d17d4498be14a4f81d7e62c7e6 + checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b + checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent resources: {} @@ -78,6 +78,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT value: "5556" - name: DD_API_KEY @@ -95,6 +99,10 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: "datadog-webhook" - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -133,6 +141,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME diff --git a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml index 567fca801..f16eaa183 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_advanced_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: e3466aa95772fd657b731896232e59a2386ac6c1a38b0ab18cbdeb09156544e8 - checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d - checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 + checksum/clusteragent_token: da73eb12114a230565e36abba3c29649d8fd0c8dd4fa0940ef4ef23512120e52 + checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b + checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent resources: {} @@ -78,6 +78,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT value: "5556" - name: DD_API_KEY @@ -95,6 +99,10 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: "datadog-webhook" - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -147,6 +155,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME diff --git a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml index 6421f7579..57e2fff9a 100644 --- a/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml +++ b/test/datadog/baseline/cluster-agent-deployment_default_minimal_AC_injection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -36,17 +36,17 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: 153bf4c7a1851a4a2b03bcb46a026255dda1d786c6a5b95827e5364391602e55 - checksum/clusteragent-configmap: f7ddc12f1f727af3c450b5b1fc979f56419ae0902320da72a4077d5a3e899f8d - checksum/api_key: 16b334660f377f7344c3de471b1b9c142c4ff1a49cf6dbf2acbc92d4b2979115 + checksum/clusteragent_token: 041ef1801306228d46d7eec4638bca9ce06c2ed5d1a158f9d03fae036e5a5661 + checksum/clusteragent-configmap: abfb71847d6ccb5c229cccfd8379d84bcc99108fbea76f413e0b3d80396e8e6b + checksum/api_key: 729a3b093f470188d114eb0722e0b462aaf964f2d2658fcde4c0ef405ca03123 checksum/application_key: 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent command: - cp @@ -59,7 +59,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent resources: {} @@ -78,6 +78,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT value: "5556" - name: DD_API_KEY @@ -95,6 +99,10 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: "datadog-webhook" - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -122,7 +130,7 @@ spec: - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_NAME value: agent - name: DD_ADMISSION_CONTROLLER_AGENT_SIDECAR_IMAGE_TAG - value: 7.59.0 + value: 7.62.0 - name: DD_REMOTE_CONFIGURATION_ENABLED value: "false" - name: DD_CLUSTER_CHECKS_ENABLED @@ -143,6 +151,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME diff --git a/test/datadog/baseline/daemonset_default.yaml b/test/datadog/baseline/daemonset_default.yaml index 15abb4696..871d35989 100644 --- a/test/datadog/baseline/daemonset_default.yaml +++ b/test/datadog/baseline/daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: 36d1e9094d3cb200659405983a1c3aa58982bd20ea30a71974a01965e0df5ddf - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 174aed95311830aaf174696e8c52c338f13193ff6b513fa2407bccf3de9cf236 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -42,7 +42,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -87,7 +87,7 @@ spec: - name: DD_STRIP_PROCESS_ARGS value: "false" - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" + value: "true" - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -173,6 +173,9 @@ spec: mountPath: /host/sys/fs/cgroup mountPropagation: None readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true livenessProbe: failureThreshold: 6 httpGet: @@ -204,7 +207,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -310,105 +313,9 @@ spec: tcpSocket: port: 8126 timeoutSeconds: 5 - - name: process-agent - image: "gcr.io/datadoghq/agent:7.59.0" - imagePullPolicy: IfNotPresent - command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] - resources: - {} - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_SYSTEM_PROBE_ENABLED - value: "false" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -420,7 +327,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/gdc_daemonset_default.yaml b/test/datadog/baseline/gdc_daemonset_default.yaml index 829e5c79f..5ae4bc007 100644 --- a/test/datadog/baseline/gdc_daemonset_default.yaml +++ b/test/datadog/baseline/gdc_daemonset_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: ac6f3df32a82b47f1cec6be0a9dce0cc1978c1f64fd5b75177734090bacf54da - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 7fc9f30808ea0383822036c8c312145acf9d5ffbce9dfd4e4fa2c58ee6885cee + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -188,7 +188,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -200,7 +200,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml index 46d33c986..579867388 100644 --- a/test/datadog/baseline/gdc_daemonset_logs_collection.yaml +++ b/test/datadog/baseline/gdc_daemonset_logs_collection.yaml @@ -6,7 +6,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -30,8 +30,8 @@ spec: env.datadoghq.com/kind: gke-gdc name: datadog annotations: - checksum/clusteragent_token: 009553ab18468f5e3c937f34ded921a712214a78b4cbd82f8233e4512e20390d - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 5251a960464770e4370d189d056f28e10e31380da0f2313f0c2448897e2624ec + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -41,7 +41,7 @@ spec: runAsUser: 0 containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -200,7 +200,7 @@ spec: timeoutSeconds: 5 initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -212,7 +212,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: - bash diff --git a/test/datadog/baseline/other_default.yaml b/test/datadog/baseline/other_default.yaml index b203ba643..f90244294 100644 --- a/test/datadog/baseline/other_default.yaml +++ b/test/datadog/baseline/other_default.yaml @@ -6,7 +6,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -24,7 +24,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -41,13 +41,13 @@ kind: ServiceAccount automountServiceAccountToken: true metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" app: "datadog" - chart: "datadog-3.79.0" + chart: "datadog-3.90.1" heritage: "Helm" release: "datadog" name: datadog-cluster-checks @@ -60,10 +60,10 @@ automountServiceAccountToken: true metadata: labels: app: "datadog" - chart: "datadog-3.79.0" + chart: "datadog-3.90.1" heritage: "Helm" release: "datadog" - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -79,7 +79,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -92,14 +92,14 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" type: Opaque data: - token: "VUhXVVpZMDVTb1Bnd2VxODM1bTRDcU43SFc0UEhTSng=" + token: "akJERTVsWGplWTZEZXdPMFVLalFlS2FSZVhaWTlvU1E=" --- # Source: datadog/templates/cluster-agent-confd-configmap.yaml apiVersion: v1 @@ -108,7 +108,7 @@ metadata: name: datadog-cluster-agent-confd namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -149,10 +149,12 @@ data: {} annotations_as_tags: {} + kubernetes_apiserver.yaml: |- init_config: instances: - - filtering_enabled: false + - + filtering_enabled: false unbundle_events: false --- # Source: datadog/templates/install_info-configmap.yaml @@ -162,20 +164,20 @@ metadata: name: datadog-installinfo namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" annotations: - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 data: install_info: | --- install_method: tool: helm tool_version: Helm - installer_version: datadog-3.79.0 + installer_version: datadog-3.90.1 --- # Source: datadog/templates/kpi-telemetry-configmap.yaml apiVersion: v1 @@ -184,22 +186,22 @@ metadata: name: datadog-kpi-telemetry-configmap namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm app.kubernetes.io/version: "7" data: install_type: k8s_manual - install_id: "3111252e-d253-4641-b8b3-30b9c6be6466" - install_time: "1731360232" + install_id: "2481de20-14d7-4ee6-9a7a-c2ef5ed1a195" + install_time: "1738785665" --- # Source: datadog/templates/cluster-agent-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -229,6 +231,14 @@ rules: - list - watch - create +- apiGroups: + - "discovery.k8s.io" + resources: + - endpointslices + verbs: + - get + - list + - watch - apiGroups: ["quota.openshift.io"] resources: - clusterresourcequotas @@ -388,7 +398,7 @@ rules: - mutatingwebhookconfigurations resourceNames: - "datadog-webhook" - verbs: ["get", "list", "watch", "update"] + verbs: ["get", "list", "watch", "update", "delete"] - apiGroups: - admissionregistration.k8s.io resources: @@ -416,7 +426,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRole metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -512,7 +522,7 @@ kind: ClusterRole metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -554,13 +564,20 @@ rules: - leases verbs: - get +- apiGroups: # EKS kube_scheduler and kube_controller_manager control plane metrics + - "metrics.eks.amazonaws.com" + resources: + - kcm/metrics + - ksh/metrics + verbs: + - get --- # Source: datadog/templates/agent-clusterchecks-rbac.yaml apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -580,7 +597,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -600,7 +617,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: ClusterRoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -621,7 +638,7 @@ kind: ClusterRoleBinding metadata: name: datadog labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -640,7 +657,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -657,7 +674,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: Role metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -679,7 +696,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -700,7 +717,7 @@ apiVersion: "rbac.authorization.k8s.io/v1" kind: RoleBinding metadata: labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -723,7 +740,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -745,10 +762,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.79.0" + chart: "datadog-3.90.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -771,10 +788,10 @@ metadata: namespace: datadog-agent labels: app: "datadog" - chart: "datadog-3.79.0" + chart: "datadog-3.90.1" release: "datadog" heritage: "Helm" - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -800,7 +817,7 @@ metadata: name: datadog namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -824,8 +841,8 @@ spec: name: datadog annotations: - checksum/clusteragent_token: f00581a69706d733ac0c8e932c003a67a287dff70bc15af0030fff5a1e66e0cd - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 2f5e57327770b567fc1dafc71318aa2f3c850df1ef4977ec5fe26197b8834136 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 checksum/autoconf-config: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b checksum/confd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a checksum/checksd-config: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a @@ -836,7 +853,7 @@ spec: hostPID: true containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["agent", "run"] @@ -881,7 +898,7 @@ spec: - name: DD_STRIP_PROCESS_ARGS value: "false" - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" + value: "true" - name: DD_LOG_LEVEL value: "INFO" - name: DD_DOGSTATSD_PORT @@ -968,6 +985,9 @@ spec: mountPath: /host/sys/fs/cgroup mountPropagation: None readOnly: true + - name: passwd + mountPath: /etc/passwd + readOnly: true livenessProbe: failureThreshold: 6 httpGet: @@ -999,7 +1019,7 @@ spec: successThreshold: 1 timeoutSeconds: 5 - name: trace-agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["trace-agent", "-config=/etc/datadog-agent/datadog.yaml"] resources: @@ -1105,105 +1125,9 @@ spec: tcpSocket: port: 8126 timeoutSeconds: 5 - - name: process-agent - image: "gcr.io/datadoghq/agent:7.59.0" - imagePullPolicy: IfNotPresent - command: ["process-agent", "--cfgpath=/etc/datadog-agent/datadog.yaml"] - resources: - {} - env: - - name: DD_API_KEY - valueFrom: - secretKeyRef: - name: "datadog-secret" - key: api-key - - name: DD_REMOTE_CONFIGURATION_ENABLED - value: "true" - - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token - - - name: KUBERNETES - value: "yes" - - name: DD_LANGUAGE_DETECTION_ENABLED - value: "false" - - name: DD_LANGUAGE_DETECTION_REPORTING_ENABLED - value: "false" - - name: DD_KUBERNETES_KUBELET_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: DD_OTLP_CONFIG_LOGS_ENABLED - value: "false" - - - name: DD_CLUSTER_AGENT_ENABLED - value: "true" - - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME - value: datadog-cluster-agent - - name: DD_CLUSTER_AGENT_AUTH_TOKEN - valueFrom: - secretKeyRef: - name: datadog-cluster-agent - key: token - - - - name: DD_PROCESS_CONFIG_PROCESS_COLLECTION_ENABLED - value: "false" - - name: DD_PROCESS_CONFIG_CONTAINER_COLLECTION_ENABLED - value: "true" - - name: DD_PROCESS_AGENT_DISCOVERY_ENABLED - value: "true" - - name: DD_STRIP_PROCESS_ARGS - value: "false" - - name: DD_PROCESS_CONFIG_RUN_IN_CORE_AGENT_ENABLED - value: "false" - - name: DD_LOG_LEVEL - value: "INFO" - - name: DD_SYSTEM_PROBE_ENABLED - value: "false" - - name: DD_DOGSTATSD_SOCKET - value: "/var/run/datadog/dsd.socket" - - name: DD_ORCHESTRATOR_EXPLORER_ENABLED - value: "true" - volumeMounts: - - name: config - mountPath: /etc/datadog-agent - readOnly: true - - name: logdatadog - mountPath: /var/log/datadog - readOnly: false # Need RW to write logs - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - - name: dsdsocket - mountPath: /var/run/datadog - readOnly: false # Need RW for UDS DSD socket - - name: tmpdir - mountPath: /tmp - readOnly: false # Need RW to write to tmp directory - - - name: os-release-file - mountPath: /host/etc/os-release - readOnly: true - - - name: runtimesocketdir - mountPath: /host/var/run - mountPropagation: None - readOnly: true - - - name: cgroups - mountPath: /host/sys/fs/cgroup - mountPropagation: None - readOnly: true - - name: passwd - mountPath: /etc/passwd - readOnly: true - - name: procdir - mountPath: /host/proc - mountPropagation: None - readOnly: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1215,7 +1139,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: - bash @@ -1321,7 +1245,7 @@ metadata: name: datadog-clusterchecks namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1351,8 +1275,8 @@ spec: name: datadog-clusterchecks annotations: - checksum/clusteragent_token: 0f3c4653bf6f20423353df3b2c09b545f377c8943c78e038a764c08ee01e7cec - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 1b27814030c156af6fcafca3ca9274edebf20699c821e892d77c4c7d740a2f5b + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-checks automountServiceAccountToken: true @@ -1360,7 +1284,7 @@ spec: [] initContainers: - name: init-volume - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1372,7 +1296,7 @@ spec: resources: {} - name: init-config - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" imagePullPolicy: IfNotPresent command: ["bash", "-c"] args: @@ -1385,7 +1309,7 @@ spec: {} containers: - name: agent - image: "gcr.io/datadoghq/agent:7.59.0" + image: "gcr.io/datadoghq/agent:7.62.0" command: ["bash", "-c"] args: - find /etc/datadog-agent/conf.d/ -name "*.yaml.default" -type f -delete && touch /etc/datadog-agent/datadog.yaml && exec agent run @@ -1513,7 +1437,7 @@ metadata: name: datadog-cluster-agent namespace: datadog-agent labels: - helm.sh/chart: 'datadog-3.79.0' + helm.sh/chart: 'datadog-3.90.1' app.kubernetes.io/name: "datadog" app.kubernetes.io/instance: "datadog" app.kubernetes.io/managed-by: Helm @@ -1543,15 +1467,15 @@ spec: name: datadog-cluster-agent annotations: - checksum/clusteragent_token: dc1e3efaa7c41119e5e666c61d458d5dd5b608c3f5be3e7044f14e087aadeca2 - checksum/clusteragent-configmap: 01caadfa4eb3983f3938c37d3a44a51e3ca2969b2d5ffff36f24d025f3246067 - checksum/install_info: 113a50d660d16d7edc1f9242b70b5dde0f3f6f12ce82ce794a8dc01e2863e6a5 + checksum/clusteragent_token: 1176d3833b7a6e7565e239de5bb77df64ee32f35d85f852534db02422215ba35 + checksum/clusteragent-configmap: 9f0ae9132099384f08acb30e2ef9005327efa60bf64fe70444720d4b538bbf21 + checksum/install_info: 9723455d5ab3318a8d2a46e64a29d03b3142738df48c8a9ccac656513fd33065 spec: serviceAccountName: datadog-cluster-agent automountServiceAccountToken: true initContainers: - name: init-volume - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent command: - cp @@ -1564,7 +1488,7 @@ spec: mountPath: /opt/datadog-agent containers: - name: cluster-agent - image: "gcr.io/datadoghq/cluster-agent:7.59.0" + image: "gcr.io/datadoghq/cluster-agent:7.62.0" imagePullPolicy: IfNotPresent resources: {} @@ -1583,6 +1507,10 @@ spec: valueFrom: fieldRef: fieldPath: metadata.name + - name: DD_CLUSTER_AGENT_SERVICE_ACCOUNT_NAME + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName - name: DD_HEALTH_PORT value: "5556" - name: DD_API_KEY @@ -1600,6 +1528,10 @@ spec: value: "false" - name: DD_ADMISSION_CONTROLLER_ENABLED value: "true" + - name: DD_ADMISSION_CONTROLLER_VALIDATION_ENABLED + value: "true" + - name: DD_ADMISSION_CONTROLLER_MUTATION_ENABLED + value: "true" - name: DD_ADMISSION_CONTROLLER_WEBHOOK_NAME value: "datadog-webhook" - name: DD_ADMISSION_CONTROLLER_MUTATE_UNLABELLED @@ -1640,6 +1572,8 @@ spec: value: datadogtoken - name: DD_COLLECT_KUBERNETES_EVENTS value: "true" + - name: DD_KUBERNETES_USE_ENDPOINT_SLICES + value: "false" - name: DD_KUBERNETES_EVENTS_SOURCE_DETECTION_ENABLED value: "false" - name: DD_CLUSTER_AGENT_KUBERNETES_SERVICE_NAME diff --git a/test/datadog/otel_agent_test.go b/test/datadog/otel_agent_test.go new file mode 100644 index 000000000..a14b8368e --- /dev/null +++ b/test/datadog/otel_agent_test.go @@ -0,0 +1,75 @@ +package datadog + +import ( + "testing" + + "github.com/stretchr/testify/assert" + appsv1 "k8s.io/api/apps/v1" + + "github.com/DataDog/helm-charts/test/common" +) + +const ( + DDAgentIpcPort = "DD_AGENT_IPC_PORT" + DDAgentIpcConfigRefreshInterval = "DD_AGENT_IPC_CONFIG_REFRESH_INTERVAL" +) + +type ExpectedIpcEnv struct { + ipcPort string + ipcConfigRefreshInterval string +} + +func Test_otelAgentConfigs(t *testing.T) { + tests := []struct { + name string + command common.HelmCommand + assertions func(t *testing.T, manifest string, expectedIpcEnv ExpectedIpcEnv) + expectedIpcEnv ExpectedIpcEnv + }{ + { + name: "no ipc provided", + command: common.HelmCommand{ + ReleaseName: "datadog", + ChartPath: "../../charts/datadog", + ShowOnly: []string{"templates/daemonset.yaml"}, + Values: []string{"../../charts/datadog/values.yaml"}, + Overrides: map[string]string{ + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.otelCollector.enabled": "true", + }, + }, + expectedIpcEnv: ExpectedIpcEnv{ + ipcPort: "5009", + ipcConfigRefreshInterval: "60", + }, + assertions: verifyOtelAgentEnvVars, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + manifest, err := common.RenderChart(t, tt.command) + assert.Nil(t, err, "couldn't render template") + tt.assertions(t, manifest, tt.expectedIpcEnv) + }) + } +} + +func verifyOtelAgentEnvVars(t *testing.T, manifest string, expectedIpcEnv ExpectedIpcEnv) { + var deployment appsv1.DaemonSet + common.Unmarshal(t, manifest, &deployment) + // otel agent + otelAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "otel-agent") + assert.True(t, ok) + coreEnvs := getEnvVarMap(otelAgentContainer.Env) + assert.Equal(t, expectedIpcEnv.ipcPort, coreEnvs[DDAgentIpcPort]) + assert.Equal(t, expectedIpcEnv.ipcConfigRefreshInterval, coreEnvs[DDAgentIpcConfigRefreshInterval]) + + // core agent + coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") + assert.True(t, ok) + coreEnvs = getEnvVarMap(coreAgentContainer.Env) + assert.Equal(t, expectedIpcEnv.ipcPort, coreEnvs[DDAgentIpcPort]) + assert.Equal(t, expectedIpcEnv.ipcConfigRefreshInterval, coreEnvs[DDAgentIpcConfigRefreshInterval]) +} diff --git a/test/datadog/process_agent_test.go b/test/datadog/process_agent_test.go index 09c042e2b..10946f82d 100644 --- a/test/datadog/process_agent_test.go +++ b/test/datadog/process_agent_test.go @@ -29,21 +29,22 @@ func Test_processAgentConfigs(t *testing.T) { assertions func(t *testing.T, manifest string) }{ { - name: "default", + name: "checks in process agent -- linux", command: common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "false", }, }, - assertions: verifyDaemonsetMinimal, + assertions: verifyDaemonsetProcessAgentChecks, }, { - name: "default windows", + name: "checks in process agent -- windows", command: common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", @@ -55,10 +56,10 @@ func Test_processAgentConfigs(t *testing.T) { "targetSystem": "windows", }, }, - assertions: verifyDaemonsetMinimalWindows, + assertions: verifyDaemonsetWindowsProcessAgentChecks, }, { - name: "all checks off", + name: "no checks -- linux", command: common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", @@ -71,6 +72,7 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.processAgent.containerCollection": "false", "datadog.processAgent.processDiscovery": "false", "datadog.apm.instrumentation.language_detection.enabled": "false", + "datadog.processAgent.runInCoreAgent": "false", }, }, assertions: verifyChecksOff, @@ -90,45 +92,13 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.processAgent.processDiscovery": "false", "datadog.apm.instrumentation.language_detection.enabled": "false", "datadog.networkMonitoring.enabled": "true", + "datadog.processAgent.runInCoreAgent": "false", }, }, assertions: verifyOnlyNetworkMonitoringEnabled, }, { - name: "enable process checks in core agent -- linux with default version", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "datadog.processAgent.processCollection": "true", - }, - }, - assertions: verifyLinuxRunInCoreAgent, - }, - { - name: "enable process checks in core agent -- linux with latest version", - command: common.HelmCommand{ - ReleaseName: "datadog", - ChartPath: "../../charts/datadog", - ShowOnly: []string{"templates/daemonset.yaml"}, - Values: []string{"../../charts/datadog/values.yaml"}, - Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "datadog.processAgent.processCollection": "true", - "agents.image.tag": "latest", - }, - }, - assertions: verifyLinuxRunInCoreAgent, - }, - { - name: "enable process checks in core agent -- linux with version 7", + name: "enable process checks in core agent -- linux", command: common.HelmCommand{ ReleaseName: "datadog", ChartPath: "../../charts/datadog", @@ -139,7 +109,7 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.appKeyExistingSecret": "datadog-secret", "datadog.processAgent.runInCoreAgent": "true", "datadog.processAgent.processCollection": "true", - "agents.image.tag": "7", + "agents.image.tag": "7.60.0", }, }, assertions: verifyLinuxRunInCoreAgent, @@ -156,9 +126,10 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.appKeyExistingSecret": "datadog-secret", "targetSystem": "windows", "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.60.0", }, }, - assertions: verifyDaemonsetMinimalWindows, + assertions: verifyDaemonsetWindowsProcessAgentChecks, }, { name: "orchestrator enabled - latest version", @@ -175,6 +146,7 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.processAgent.processDiscovery": "false", "datadog.apm.instrumentation.language_detection.enabled": "false", "datadog.orchestratorExplorer.enabled": "true", + "datadog.processAgent.runInCoreAgent": "false", }, }, assertions: verifyOrchestratorEnabledLatest, @@ -207,10 +179,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.tag": "7.52.0", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.tag": "7.52.0", }, }, assertions: verifyLinuxRunInCoreAgentOld, @@ -223,10 +195,10 @@ func Test_processAgentConfigs(t *testing.T) { ShowOnly: []string{"templates/daemonset.yaml"}, Values: []string{"../../charts/datadog/values.yaml"}, Overrides: map[string]string{ - "datadog.apiKeyExistingSecret": "datadog-secret", - "datadog.appKeyExistingSecret": "datadog-secret", - "datadog.processAgent.runInCoreAgent": "true", - "agents.image.doNotCheckTag": "true", + "datadog.apiKeyExistingSecret": "datadog-secret", + "datadog.appKeyExistingSecret": "datadog-secret", + "datadog.processAgent.runInCoreAgent": "true", + "agents.image.doNotCheckTag": "true", }, }, assertions: verifyLinuxRunInCoreAgentOld, @@ -279,7 +251,7 @@ func Test_processAgentConfigs(t *testing.T) { "datadog.appKeyExistingSecret": "datadog-secret", "datadog.processAgent.runInCoreAgent": "true", "datadog.processAgent.processCollection": "true", - "agents.image.tag": "7.57", + "agents.image.tag": "7.60.0", "datadog.apm.instrumentation.language_detection.enabled": "true", "datadog.apm.instrumentation.enabled": "true", }, @@ -297,7 +269,7 @@ func Test_processAgentConfigs(t *testing.T) { } } -func verifyDaemonsetMinimal(t *testing.T, manifest string) { +func verifyDaemonsetProcessAgentChecks(t *testing.T, manifest string) { var deployment appsv1.DaemonSet common.Unmarshal(t, manifest, &deployment) coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") @@ -315,7 +287,7 @@ func verifyDaemonsetMinimal(t *testing.T, manifest string) { assert.True(t, getPasswdMount(t, processAgentContainer.VolumeMounts)) } -func verifyDaemonsetMinimalWindows(t *testing.T, manifest string) { +func verifyDaemonsetWindowsProcessAgentChecks(t *testing.T, manifest string) { var deployment appsv1.DaemonSet common.Unmarshal(t, manifest, &deployment) coreAgentContainer, ok := getContainer(t, deployment.Spec.Template.Spec.Containers, "agent") diff --git a/test/private-action-runner/__snapshot__/default.yaml b/test/private-action-runner/__snapshot__/default.yaml index 3766b77ec..a6842ac84 100644 --- a/test/private-action-runner/__snapshot__/default.yaml +++ b/test/private-action-runner/__snapshot__/default.yaml @@ -100,7 +100,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.5-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" imagePullPolicy: IfNotPresent ports: - name: http diff --git a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml index 6b2d3f55c..0f68c4cc1 100644 --- a/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml +++ b/test/private-action-runner/__snapshot__/enable-kubernetes-actions.yaml @@ -144,7 +144,7 @@ spec: value: nodeless containers: - name: runner - image: "gcr.io/datadoghq/private-action-runner:v0.1.5-beta" + image: "gcr.io/datadoghq/private-action-runner:v0.1.10-beta" imagePullPolicy: IfNotPresent ports: - name: http